Re: TCP-Proxy

It has to be configured

set security screen ids-option ids-zoneX tcp syn-flood alarm-threshold #
set security screen ids-option ids-zoneX tcp syn-flood attack-threshold #
set security screen ids-option ids-zoneX tcp syn-flood source-threshold #
set security screen ids-option ids-zoneX tcp syn-flood destination-threshold #
set security screen ids-option ids-zoneX tcp syn-flood timeout #

set security zones security-zone zoneX screen ids-zoneX

Explanation of the parameters:

https://www.juniper.net/documentation/en_US/junos/topics/concept/denial-of-service-network-syn-cookie-protection-understanding.html

You can change default syn-cookie mechanism to syn-proxy using:

set security flow syn-flood-protection-mode syn-proxy