I checked the PPS on the WAN interface once the attacks start. No issue there, a slight increase initially, but then sessions stay at a few hundred which is normal. However, I did notice this in the logs:
Aug 27 15:02:53 PERF_MON: RTPERF_CPU_THRESHOLD_EXCEEDED: FPC 0 PIC 0 CPU utilization exceeds threshold, current value=90
It's slamming the CPU, once the attack stops everything goes back to normal. Any way to prevent this?