Configure SCTP INIT Flood Protection

1. Create a Zone Protection profile to protect against flooding of SCTP INIT packets.

   1. Select NetworkNetwork ProfilesZone ProtectionFlood Protection and enable (select) SCTP INIT.

   2. Specify the threshold Alarm Rate (cps) of SCTP INIT packets (not matching an existing session) for the zone, above which the firewall generates an alert. You can view alerts on the Dashboard and in the threat log (range is 0 to 2,000,000). The default varies per firewall model as follows:

      • PA-5280—10,000
      • PA-5260—7,000
      • PA-5250—5,000
      • PA-5220—3,000
      • VM-Series—1,000
   3. Specify the threshold rate (cps) of SCTP INIT packets (not matching an existing session) for the zone, above which the firewall will Activate the behavior to drop subsequent SCTP INIT packets. The firewall uses an algorithm to progressively drop more packets as the rate increases until the rate reaches the Maximum rate. The firewall stops dropping SCTP INIT packets if the incoming rate drops below the Activate threshold (range is 1 to 2,000,000; the default varies per firewall model as specified above for the Alarm Rate action).
   4. Specify the Maximum rate (cps) of SCTP INIT packets (not matching an existing session) allowed for the zone. When the threshold is exceeded, new connections that arrive are dropped (range is 1 to 2,000,000). The default varies per firewall model as follows:

      • PA-5280—20,000
      • PA-5260—14,000
      • PA-5250—10,000
      • PA-5220—6,000
      • VM-Series—2,000
   5. Click OK.

      The Zone Protection profile summary includes a column that indicates whether SCTP INIT Flood protection is enabled.
2. Apply the Zone Protection profile to a zone.

   1. Select NetworkZones and select a zone or Configure Interfaces and Zones to configure a new zone.
   2. For the Zone Protection Profile, select the profile you just created.
   3. Click OK.
3. Commit your changes.