Ability to whitelist interfaces from strict TCP session handling
A customer needs to block spoofed ACK packets on their WAN interfaces in order to pass security policies. In order to do this, they need to enable strict TCP session handling so they can avoid TCP session pickup. This works, however, it's global and causes problems for one of their applications on the LAN side.
By allowing a whitelist of interfaces to allow TCP session pickup, the customer can meet security requirements without disturbing their application.