Information
SonicWALL - Flood Protection - Layer 3 - SYN Flood Protection Mode.
A SYN Flood Protection mode is the level of protection that you can select to defend against half-opened TCP sessions and high-frequency SYN packet transmissions.
Proxy WAN Client Connections When Attack is Suspected - This option enables the device to enable the SYN Proxy feature on WAN interfaces when the number of incomplete connection attempts per second surpasses a specified threshold. This method ensures the device continues to process valid traffic during the attack and that performance does not degrade. Proxy mode remains enabled until all WAN SYN flood attacks stop occurring or until the device blacklists all of them using the SYN Blacklisting feature. This is the intermediate level of SYN Flood protection.
Always Proxy WAN Client Connections - This option sets the device to always use SYN Proxy. This method blocks all spoofed SYN packets from passing through the device. Note that this is an extreme security measure and directs the device to respond to port scans on all TCP ports because the SYN Proxy feature forces the device to respond to all TCP SYN connection attempts. This can degrade performance and can generate a false positive. Select this option only if your network is in a high risk environment.
Solution
Navigate to Firewall Settings->Flood Protection->Layer 3 SYN Flood Protection - SYN Proxy and set 'SYN Flood Protection Mode' to a value of other than 'Watch and report possible syn floods'. 'Proxy WAN Client Connections When Attack is Suspected' - Medium Security or 'Always Proxy WAN Client Connections' - High Security, lower performance.