Tcp Syn-Check - H3C MSR Series Command Reference Manual
Comware 7 security
Hide thumbs
Also See for MSR Series:
- Command reference manual (174 pages) ,
- Configuration manual (80 pages) ,
- Manual (33 pages)
Table of Contents
Advertisement
tcp syn-check
Use tcp syn-check to enable TCP SYN check.
Use undo tcp syn-check to disable TCP SYN check.
Syntax
tcp syn-check
undo tcp syn-check
Default
TCP SYN check is disabled.
Views
ASPF policy view
Predefined user roles
network-admin
Usage guidelines
TCP SYN check checks the first packet to establish a TCP connection whether it is a SYN packet. If
the first packet is not a SYN packet, ASPF drops the packet.
When a router attached to the network is started up, it can receive a non-SYN packet of an existing
TCP connection for the first time. If you do not want to interrupt the existing TCP connection, you can
disable the TCP SYN check. Then, the router allows the non-SYN packet that is the first packet to
establish a TCP connection to pass. After the network topology becomes steady, you can enable
TCP SYN check again.
Examples
# Enable TCP SYN check for ASPF policy 1.
<Sysname> system-view
[Sysname] aspf policy 1
[Sysname-aspf-policy-1] tcp syn-check
Related commands
aspf policy
823
Advertisement
Table of Contents
