In NGFW, you can configure network flood protection parameters per network zone for TCP (SYN-flood), UDP, and ICMP protocols by setting an alert threshold (the number of requests from a single IP address that triggers logging) and a packet drop threshold (the number of requests, after which the packets are dropped with a corresponding log entry).
It is possible to configure exceptions --- e.g., for zones that send a large number of UDP packets due to VoIP use.