SynFlood attacks will only be blocked by this signature if the following parameter is set to true (pam.tcp.synflood.protection).
Some parameters can be adjusted to reduce false-positives or avoid problems in customer's environment, such as :
pam.tcp.synflood.protection.untrusted.rate
pam.tcp.synflood.protection.duplicatesyn.retransmit
pam.tcp.synflood.protection.duplicatesyn.timeout
pam.tcp.synflood.protection.duplicatesyn.enabled
pam.tcp.synflood.protection
pam.tcp.synflood.size
pam.tcp.synflood.limit
For example,
NAME=pam.tcp.synflood.limit
VALUE=1000
According to your environment, you can modify the above parameter to suit it
pam.tcp.synflood.protection.untrusted.rate
pam.tcp.synflood.protection.duplicatesyn.retransmit
pam.tcp.synflood.protection.duplicatesyn.timeout
pam.tcp.synflood.protection.duplicatesyn.enabled
pam.tcp.synflood.protection
pam.tcp.synflood.size
pam.tcp.synflood.limit
For example,
NAME=pam.tcp.synflood.limit
VALUE=1000
According to your environment, you can modify the above parameter to suit it