I am trying to understand why the Cisco ASA device(s) clustered are dropping legit dhcp traffic (inbound) to the dhcp server.

The server is a linux server and it can handle the connections without being limited down.

threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200

The setting above is set in the ASA device, the device is treating the traffic as a threat however it is legit customer (IP-range) traffic. After a severe storm (lots of lightning & power off/on). The ISP traffic from the home dsl modems was trying to come through, however the ASA was stating IP address of the dhcp server exceeded limit (like it was an attack). It is from the ISP IP range trying to obtain a dhcp (it is not able) to and the customer has to wait a few hours for the traffic to settle down.

The engineer at Cisco said it was an attack, it is not an attack it is legit customer traffic trying to send a dhcp request but being trashed.

How does this line come into effect or could someone please explain a setting change to allow dchp traffic through without it being purged.

Otherwise during a severe storm the device purges the traffic to the server until it settles down after a few hours. The server IP is not allowed outside the ISP range as well.

Is there a way to disable this protection mechanism from the dhcp traffic or is this a hard-coded global setting?