You can configure a TCP Split Handshake Drop in
a Zone Protection profile to prevent TCP sessions from being established
unless they use the standard three-way handshake. This task assumes
that you assigned a security zone for the interface where you want
to prevent TCP split handshakes from establishing a session.
Configure a Zone Protection profile to prevent
TCP sessions that use anything other than a three-way handshake
to establish a session.
create a new profile (or select an existing profile).
If creating a new profile, enter a
the profile and an optional
Packet Based Attack
Apply the profile to one or more security zones.
and select the zone where
you want to assign the zone protection profile.
In the Zone window, from the
drop-down, select the profile you configured
in the previous step.
Alternatively, you could start creating a new profile here by
Zone Protection Profile
, in which
case you would continue accordingly.
) Repeat steps 1-3 to apply the
profile to additional zones.