Hi João
The basic reason is to prevent a type of denial of service attack.
An attacker will attempt to create so many connections (sending SYN-ACK-ACK) to a particular resource that either the network equipment session tables or remote servers run out of resources.
SYN flood protection consists of things like Source, Destination, Attack, Timeout and Alarm Thresholds. These are all mechanisms to prevent proxy resources from being overloaded and to maintain protection through a combination of the thresholds you have configured for SYN flood protection.
Sample Config:
[edit security screen]
ids-option untrust-screen {
    icmp {
        ip-sweep threshold 1000;
        fragment;
        large;
        flood threshold 200;
        ping-death;
    }
    ip {
        bad-option;
        stream-option;
        spoofing;
        source-route-option;
        strict-source-route-option;
        unknown-protocol;
        tear-drop;
    }
    tcp {
        syn-fin;
        tcp-no-flag;
        syn-frag;
        port-scan threshold 1000;
        syn-ack-ack-proxy threshold 500;
        syn-flood {
            alarm-threshold 500;
            attack-threshold 500;
            source-threshold 50;
            destination-threshold 1000;
            timeout 10;
        }
        land;
        winnuke;
        tcp-sweep threshold 1000;
    }
    udp {
        flood threshold 500;
        udp-sweep threshold 1000;
    }
}
The screen is then applied to the required security zones that you will accept unknown traffic from:
[edit security zones security-zone untrust]
screen untrust-screen;
Hope that makes sense, and it is very important to enable SYN flood protection if you are going to publish resources on the internet.
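Added example, not part of the original reply and not vendor code: a small Python check for sizing the syn-flood thresholds above against observed traffic before enabling the screen. It assumes SYN records of (timestamp, source, destination) exported from a capture, and it treats attack-threshold as the overall SYN rate, which is a simplification; the sample records and function names are constructed for illustration.

```python
from collections import Counter

# SYN-per-second values copied from the syn-flood block in the sample config.
THRESHOLDS = {"attack": 500, "source": 50, "destination": 1000}

def peak_syn_rates(syns):
    """syns: iterable of (timestamp_seconds, src_ip, dst_ip), one per SYN packet.
    Returns the highest one-second count overall, per source and per destination."""
    total, by_src, by_dst = Counter(), Counter(), Counter()
    for ts, src, dst in syns:
        second = int(ts)                  # bucket packets into whole seconds
        total[second] += 1
        by_src[(second, src)] += 1
        by_dst[(second, dst)] += 1
    def peak(counter):
        return max(counter.values(), default=0)
    # Assumption: "attack" is modelled as the overall SYN rate through the zone.
    return {"attack": peak(total), "source": peak(by_src),
            "destination": peak(by_dst)}

def exceeded(syns, thresholds=THRESHOLDS):
    """Names of the thresholds that the observed peak rates go above."""
    peaks = peak_syn_rates(syns)
    return sorted(name for name, limit in thresholds.items()
                  if peaks[name] > limit)

def noisy_sources(syns, limit=THRESHOLDS["source"]):
    """Map each source that went above `limit` SYNs in one second to its peak."""
    per_second = Counter((int(ts), src) for ts, src, _ in syns)
    worst = {}
    for (_, src), count in per_second.items():
        if count > limit:
            worst[src] = max(count, worst.get(src, 0))
    return worst

# Constructed sample: 40 clients sending 5 SYNs each within second 0 ...
BASELINE = [(n / 1000, f"203.0.113.{c}", "192.0.2.10")
            for c in range(1, 41) for n in range(5)]
# ... then a single host sending 120 SYNs within second 1.
BURST = BASELINE + [(1 + n / 1000, "198.51.100.7", "192.0.2.10")
                    for n in range(120)]

if __name__ == "__main__":
    print("baseline peaks:", peak_syn_rates(BASELINE))
    print("thresholds exceeded in burst:", exceeded(BURST))
    print("sources above source-threshold:", noisy_sources(BURST))
```

If legitimate baseline traffic already shows up in `exceeded`, the configured values are too low for that zone and would drop real clients.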