SonicOS SYN cookies

Laurens · June 2022

Hi,

Can someone tell met how to enable SYN cookies on a NSA2700.

BWC · June 2022

@Laurens IMHO it's part of the Syn Flood Protection

https://www.sonicwall.com/support/technical-documentation/docs/sonicos-7-0-0-0-network_firewall/Content/Firewall_Flood_Protection/firewall-flood-protection-tcp-layer-3-syn.htm/

The method of SYN flood protection employed starting with SonicOS uses stateless SYN Cookies, which increase reliability of SYN Flood detection, and also improves overall resource utilization on the SonicWall. With stateless SYN Cookies, the SonicWall does not have to maintain state on half-opened connections. Instead, it uses a cryptographic calculation (rather than randomness) to arrive at SEQr

--Michael@BWC

Laurens · June 2022

Hi Michael,

Thanks for the reply. If I read help.sonicwall.com/help/sw/eng/published/1315439934_5.8.1/Firewall_tcpView.html is states "The method of SYN flood protection employed starting with SonicOS Enhanced uses stateless SYN Cookies". How do I know if I'm running SonicOS Enhanced? I see an option under security services -> summary - Enhanced security (toggle). Is this what is required for enabling SonicOS Enhanced?

https://community.sonicwall.com/technology-and-support/discussion/comment/15317#Comment_15317

BWC · June 2022

@Laurens to be honest, I can't tell if there is an Enhanced SonicOS anymore. All Gen6 (and I believe Gen5 as well) appliances were already running SonicOS Enhanced and I believe on Gen7 it's just SonicOS from now on. It was a license option way back.

Excerpt from a TSR:
Gen6: Firmware Version          : SonicOS Enhanced 6.5.4.4-44n
Gen7: Firmware Version          : SonicOS 7.0.1-5065-R2799

--Michael@BWC

Join the Conversation

SonicOS SYN cookies

Best Answer

Answers