As far as I read on:
It says:
In this example, you enable protection against a SYN-ACK-ACK proxy flood. The value unit is connections per source address. The default value is 512 connections from any single address.
So we get spoofed attacks which never hit with the same IP a second time, so when we set the threshold to 1 it does not trigger. I think it counts the first to not trigger the proxy.
Also, we are using the SRX 3600 as a bridge.
MX80 -->----<--- SRX3600 ----->----<----- MX80. Does that make sense?
Our routing table is this:
routing-options {
    static {
        route 0.0.0.0/0 next-hop 178.20.225.17;
        route 185.9.156.0/24 next-hop 10.10.10.22;
        route 185.9.157.0/24 next-hop 10.10.10.22;
        route 185.9.158.0/24 next-hop 10.10.10.22;
        route 185.90.80.0/22 next-hop 10.10.10.22;
        route 185.118.140.0/22 next-hop 10.10.10.22;
        route 178.20.224.0/21 next-hop 10.10.10.22;
        route 37.123.96.0/21 next-hop 10.10.10.22;
        route 213.238.170.0/24 next-hop 10.10.10.22;
        route 213.238.171.0/24 next-hop 10.10.10.22;
        route 213.238.172.0/24 next-hop 10.10.10.22;
        route 213.238.173.0/24 next-hop 10.10.10.22;
        route 10.0.0.4/30 next-hop 10.10.10.22;
    }
}
xe-1/0/1 {
    unit 0 {
        family inet {
            filter {
                input stateless;
            }
            address 10.10.10.21/30;
        }
    }
}
xe-4/0/0 {
    unit 0 {
        family inet {
            address 178.20.225.18/29;
        }
    }
}
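
Added example, not part of the original post and not Juniper code: a small model of a per-source connection threshold, run over constructed traffic, showing why a flood whose spoofed source addresses never repeat stays under any per-source threshold while the same traffic counted per destination does not. Assumptions: the counter fires when the count *exceeds* the threshold within a one-second window; the function name, window and all addresses are made up for illustration and say nothing about how the SRX counts internally.

```python
from collections import defaultdict, deque

def over_threshold(events, key, threshold, window=1.0):
    """Return the addresses whose connection count inside any `window`
    seconds exceeds `threshold`. `key` is "src" or "dst" and selects
    which address the counter is keyed on (hypothetical model)."""
    recent = defaultdict(deque)   # address -> timestamps still inside the window
    flagged = set()
    for ts, src, dst in sorted(events):
        addr = src if key == "src" else dst
        q = recent[addr]
        q.append(ts)
        # Drop timestamps that have aged out of the sliding window.
        while q and ts - q[0] >= window:
            q.popleft()
        if len(q) > threshold:
            flagged.add(addr)
    return flagged

# Constructed sample 1: 2000 connections in 0.8 s toward one address,
# every one from a different (spoofed) source that is never seen again.
SPOOFED = [(i * 0.0004, f"198.18.{i // 250}.{i % 250 + 1}", "192.0.2.10")
           for i in range(2000)]

# Constructed sample 2: 600 connections in 0.6 s from a single source.
SINGLE = [(i * 0.001, "203.0.113.5", "192.0.2.20") for i in range(600)]

if __name__ == "__main__":
    # Per-source counting never sees more than 1 connection per address.
    print("spoofed, per-source, threshold 512:", over_threshold(SPOOFED, "src", 512))
    print("spoofed, per-source, threshold 1:  ", over_threshold(SPOOFED, "src", 1))
    # Counting the same traffic per destination sees all 2000 connections.
    print("spoofed, per-dest,   threshold 512:", over_threshold(SPOOFED, "dst", 512))
    # A repeating source is what a per-source threshold is built to catch.
    print("single,  per-source, threshold 512:", over_threshold(SINGLE, "src", 512))
```
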