SYN Cookie is a stateless SYN proxy mechanism you can use in conjunction with traditional SYN flood defenses to protect a security device against a SYN flood attack. Like a traditional SYN proxy, SYN Cookie is activated when the syn-flood attack-threshold is exceeded. You must set an attack threshold before enabling SYN Cookie.
To enable the SYN Cookie feature globally on a security device:
Set a SYN flood attack threshold (see Screen Options).
Select the TCP SYN proxy SYN cookie check box.
Click Apply to save your settings.