Stop creating sessions for TCP non-SYN packets

On devices with MS-MPC and MS-DPC that have a stateful firewall configured, a session is created when a packet hits the service set and matches the stateful firewall rule, even if the packet is a non-SYN packet. However, in certain scenarios, a session must not be created if the first packet is a non-SYN packet, even if it matches the stateful firewall rule.

To ensure that a session is not created, include either the tcp-non-syn drop-flow or the tcp-non-syn drop-flow-send-rst statement at the [edit services service-set service-set-name service-set-options] hierarchy level. If either of the two options is configured and the first packet is a TCP non-SYN packet, the packet is dropped and a drop flow is created. If the tcp-non-syn drop-flow-send-rst statement is configured, the originator of the non-SYN packet also receives a reset frame in addition to the creation of the drop flow.
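The statement in context, as an added configuration example that is not taken from the original page: it shows where tcp-non-syn sits relative to the stateful firewall rule that would otherwise create the session. The names SS-EXAMPLE, SFW-EXAMPLE and allow-web, the interface ms-1/0/0 and the prefix 192.0.2.0/24 are placeholders.

```junos
services {
    stateful-firewall {
        /* Constructed rule: without tcp-non-syn, a matching packet opens a session even if it is not a SYN. */
        rule SFW-EXAMPLE {
            match-direction input;
            term allow-web {
                from {
                    destination-address {
                        192.0.2.0/24;
                    }
                    applications junos-http;
                }
                then {
                    accept;
                }
            }
        }
    }
    service-set SS-EXAMPLE {
        service-set-options {
            /* First packet is a TCP non-SYN: drop it, create a drop flow, send a reset to the originator. */
            /* Use "tcp-non-syn drop-flow;" instead to drop and create the drop flow without the reset. */
            tcp-non-syn drop-flow-send-rst;
        }
        stateful-firewall-rules SFW-EXAMPLE;
        interface-service {
            service-interface ms-1/0/0;
        }
    }
}
```

After committing, the flow table (for example via show services stateful-firewall flows) can be checked to confirm that a non-SYN first packet results in a drop flow rather than a forwarding session.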

| Product / Application | Software | Introduced Release |
|---|---|---|
| MX240 | Junos OS | 16.1R2 |
| MX480 | Junos OS | 16.1R2 |
| MX960 | Junos OS | 16.1R2 |
| MX2010 | Junos OS | 16.1R2 |
| MX2020 | Junos OS | 16.1R2 |