TCP SYN Idle Timeout

Aug 30, 2016

SYN idle timeout is the timeout for establishing TCP connections that use LSN on the NetScaler appliance. If a TCP session is not established within the configured timeout period, the NetScaler removes the session. SYN idle timeout is useful in providing protection against SYN flood attacks. In an LSN configuration, the LSN group entity includes the SYN idle timeout setting.

Example

In the following sample LSN configuration, SYN idle timeout is set to 30 seconds for TCP connections related to subscribers from the 192.0.2.0/24 network.
>add lsn client LSN-CLIENT-1 
Done 
>bind lsn client LSN-CLIENT-1 -network 192.0.2.0 -netmask 255.255.255.0 
Done 
>add lsn pool LSN-POOL-1 
Done 
>bind lsn pool LSN-POOL-1 203.0.113.3 
Done 
>add lsn group LSN-GROUP-1 -clientname LSN-CLIENT-1 -synidletimeout 30
Done 
>bind lsn group LSN-GROUP-1 -poolname LSN-POOL-1
Done
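
The following is an added example, not part of the original documentation: a small Python check that reads saved configuration text and reports, for each LSN group, whether SYN idle timeout is set explicitly and within a chosen limit. The helper name audit_syn_idle_timeout, the 30-second limit, and the sample lines are assumptions constructed for illustration; the check assumes the option is spelled out in full as in the sample above.

```python
# Added example: audit 'add lsn group' lines for the SYN idle timeout setting.
# SAMPLE_CONFIG is constructed; audit_syn_idle_timeout is a hypothetical helper.

SAMPLE_CONFIG = """\
add lsn client LSN-CLIENT-1
add lsn group LSN-GROUP-1 -clientname LSN-CLIENT-1 -synidletimeout 30
add lsn group LSN-GROUP-2 -clientname LSN-CLIENT-2
add lsn group LSN-GROUP-3 -clientname LSN-CLIENT-3 -synidletimeout 120
add lsn group LSN-GROUP-4 -clientname LSN-CLIENT-4 \u2013synidletimeout 30
"""

# Dash look-alikes that word processors and web pages substitute for "-".
NON_ASCII_DASHES = "\u2012\u2013\u2014\u2212"


def audit_syn_idle_timeout(config_text, max_seconds=30):
    """Return {group_name: finding} for every 'add lsn group' line."""
    findings = {}
    for raw in config_text.splitlines():
        # Accept lines with or without the leading CLI prompt character.
        tokens = raw.strip().lstrip(">").split()
        if len(tokens) < 4 or [t.lower() for t in tokens[:3]] != ["add", "lsn", "group"]:
            continue
        name, args = tokens[3], tokens[4:]
        # An option pasted with a typographic dash is not the intended option.
        if any(a[0] in NON_ASCII_DASHES for a in args):
            findings[name] = "non-ascii-dash"
            continue
        value = None
        for i, arg in enumerate(args):
            if arg.lower() == "-synidletimeout":
                value = args[i + 1] if i + 1 < len(args) else ""
        if value is None:
            findings[name] = "not-set"        # appliance default applies
        elif not value.isdigit():
            findings[name] = "invalid-value"
        elif int(value) > max_seconds:
            findings[name] = "too-long"
        else:
            findings[name] = "ok"
    return findings


if __name__ == "__main__":
    for group, finding in audit_syn_idle_timeout(SAMPLE_CONFIG).items():
        print(f"{group}: {finding}")
```

Groups reported as not-set rely on the appliance default, which should be confirmed against the product documentation for the installed release.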