TCP SYN Idle Timeout
SYN idle timeout is the timeout for establishing TCP connections that use LSN on the Citrix ADC appliance. If a TCP session is not established within the configured timeout period, the Citrix ADC removes the session. SYN idle timeout helps protect against SYN flood attacks. In an LSN configuration, the SYN idle timeout is a setting of the LSN group entity.
In the following sample LSN configuration, SYN idle timeout is set to 30 seconds for TCP connections related to subscribers from the 192.0.2.0/24 network:
add lsn client LSN-CLIENT-1
Done
bind lsn client LSN-CLIENT-1 -network 192.0.2.0 -netmask 255.255.255.0
Done
add lsn pool LSN-POOL-1
Done
bind lsn pool LSN-POOL-1 203.0.113.3
Done
add lsn group LSN-GROUP-1 -clientname LSN-CLIENT-1 -synidletimeout 30
Done
bind lsn group LSN-GROUP-1 -poolname LSN-POOL-1
Done
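The following check is an added example, not Citrix code: it audits saved configuration text for LSN groups whose SYN idle timeout is not set explicitly, exceeds a site limit, or was entered with a typographic dash in front of an option name (which can happen when commands are copied from rendered documentation). The sample configuration is constructed, and the 30-second limit and the function name audit_lsn_groups are assumptions made for illustration.

```python
# Constructed sample configuration lines (not taken from a real appliance).
# \u2013 is an en dash, as produced by some word processors and web pages.
SAMPLE_CONFIG = """\
add lsn client LSN-CLIENT-1
bind lsn client LSN-CLIENT-1 -network 192.0.2.0 -netmask 255.255.255.0
add lsn group LSN-GROUP-1 -clientname LSN-CLIENT-1 -synidletimeout 30
add lsn group LSN-GROUP-2 -clientname LSN-CLIENT-1
add lsn group LSN-GROUP-3 -clientname LSN-CLIENT-1 \u2013synidletimeout 30
add lsn group LSN-GROUP-4 -clientname LSN-CLIENT-1 -synidletimeout 90
"""

MAX_SYN_IDLE = 30  # assumed site policy ceiling in seconds, not a Citrix default


def audit_lsn_groups(config_text, max_timeout=MAX_SYN_IDLE):
    """Return {group_name: finding} for every 'add lsn group' line."""
    findings = {}
    for line in config_text.splitlines():
        tokens = line.split()
        if len(tokens) < 4 or [t.lower() for t in tokens[:3]] != ["add", "lsn", "group"]:
            continue
        name, args = tokens[3], tokens[4:]
        # A leading dash that is not ASCII '-' means the option was pasted, not typed.
        if any(a[0] in "\u2012\u2013\u2014\u2212" for a in args):
            findings[name] = "typographic dash in option; retype with ASCII '-'"
            continue
        # Pair each -option with the token that follows it.
        opts = {a.lower(): v for a, v in zip(args, args[1:]) if a.startswith("-")}
        value = opts.get("-synidletimeout")
        if value is None:
            findings[name] = "synidletimeout not set explicitly"
        elif not value.isdigit():
            findings[name] = f"synidletimeout value {value!r} is not a number"
        elif int(value) > max_timeout:
            findings[name] = f"synidletimeout {value}s exceeds policy of {max_timeout}s"
        else:
            findings[name] = "ok"
    return findings


if __name__ == "__main__":
    for group, finding in audit_lsn_groups(SAMPLE_CONFIG).items():
        print(f"{group}: {finding}")
```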