Manage SCTP from Panorama
Use Panorama™ to configure SCTP for firewalls in a Device Group and then push the configuration to the Device Group.
Use Panorama™ to configure SCTP security for firewalls in a Device Group. If your Panorama operates in legacy mode, allocate log storage quotas to store SCTP logs on a Panorama Log Collector.
Log in to your Panorama virtual or M-Series appliance and enable SCTP security.
Select and edit the General Settings.
Enable (select) SCTP Security.
(Panorama in legacy mode only) Allocate log quotas for Panorama.
If your Panorama uses legacy mode, the General Information on the Dashboard indicates SystemMode: legacy. In this case, SCTP log storage percentages for firewalls managed by Panorama are required or your commit will fail. The log storage allocations default to 1% but you can increase these allocations.
Select and edit Logging and Reporting Settings.
On the Log Storage tab, for SCTP, enter a Quota (%) (default is 1%). Each SCTP log storage percentage you assign must equate to a minimum of 32MB, as shown to the right of the percentage.
You should assign sufficient disk space for SCTP logs based on the number of firewalls you configured with SCTP security that this Panorama appliance is managing.
(Optional) The Max Days that Panorama keeps SCTP logs is unlimited by default, but you can specify a limit for the number of days (range is 1 to 2,000).
For SCTP Summary, enter a Quota (%) equivalent to a minimum of 32MB (default is 1%). The Max Days that the firewall keeps SCTP Summary logs is unlimited by default, but you can specify a limit for the number of days (range is 1 to 2,000).
Enter Quota (%) and Max Days for Hourly SCTP Summary, Daily SCTP Summary, and Weekly SCTP Summary, with each percentage equivalent to at least 32MB (default is 1%).
If your Panorama uses Panorama mode, the General Information on the Dashboard displays SystemMode: panorama. In this case, you do not need to configure any separate SCTP log quotas.
Create a Device Group. Select and Add a Device Group that includes the managed firewalls, as described in the Panorama 8.1 Administrator’s Guide.
Create an SCTP Protection profile for the Device Group.
Select the Device Group you created.
Add an SCTP Protection profile for the Device Group using the same procedure you use when you Configure SCTP Security on a firewall.
Apply the SCTP Protection profile to a Security policy rule.
Create a Panorama template stack. Select and Add Stack, as discussed in the Panorama 8.1 Administrator’s Guide (Add a Template).
Allocate SCTP log quotas for the template stack.
Select Device and, for Template, select the template stack you created.
Select and edit Logging and Reporting Settings.
(VM-Series only) Select Single Disk Storage and Log Storage Quota.
(PA-5200 Series only) Select and Session Log Quota.
For SCTP, enter a Quota (%) (default is 0%). Each SCTP log storage percentage you assign must equate to a minimum of 32MB on the firewall model to which you push the template. Panorama does not know the size of the log partition on the destination firewall, so no equivalent number of bytes is displayed. However, if you try to Commit All Changes, your attempt will fail if the template is pushed to any firewall where the calculation of disk quota does not meet the minimum requirement of 32MB.
The Max Days that Panorama keeps SCTP logs is unlimited by default, but you can specify a limit for the number of days (range is 1 to 2,000).
For SCTP Summary, enter a Quota (%) that is equivalent to a minimum of 32MB (default is 0%). The Max Days that the firewall keeps SCTP Summary logs is unlimited by default, but you can specify a limit for the number of days (range is 1 to 2,000).
Enter Quota (%) and Max Days for Hourly SCTP Summary, Daily SCTP Summary, and Weekly SCTP Summary, with each percentage equivalent to a minimum of 32MB.
Select Commit and Push to Devices to push the SCTP configuration to firewalls in the Device Group.
Push an SCTP configuration only to firewalls where SCTP Security is enabled; for those firewalls that do not have SCTP enabled, the commit and push will fail. If the commit fails, enable SCTP Security on the firewalls and Commit from Panorama again.
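
Because Panorama does not display the byte equivalent of a template stack quota, the 32MB minimum can be checked offline before the push. The following is an added example, not part of the original guide or of any Palo Alto Networks tool: it assumes a quota is the given percentage of the destination firewall's log partition, and the firewall names and partition sizes are constructed sample values.

```python
import math

MIN_QUOTA_MB = 32            # minimum per SCTP log type, from the procedure above
MAX_DAYS_RANGE = (1, 2000)   # allowed Max Days range; None means unlimited (default)

SCTP_LOG_TYPES = ("SCTP", "SCTP Summary", "Hourly SCTP Summary",
                  "Daily SCTP Summary", "Weekly SCTP Summary")

def quota_mb(percent, partition_mb):
    """Disk space a quota yields (assumption: percent of the log partition)."""
    return partition_mb * percent / 100.0

def min_percent(partition_mb):
    """Smallest quota, rounded up to 0.01%, that reaches 32 MB on this partition."""
    return math.ceil(MIN_QUOTA_MB / partition_mb * 100 * 100) / 100

def check_template(quotas, max_days, firewalls):
    """Return the problems found in a template's SCTP log settings.

    quotas:    {log type: Quota (%)}
    max_days:  {log type: days, or None for unlimited}
    firewalls: {firewall name: log partition size in MB}
    """
    problems = []
    for log_type in SCTP_LOG_TYPES:
        # A missing entry is read as 0%, the template default, and is
        # reported as below the minimum (assumption of this example).
        pct = quotas.get(log_type, 0.0)
        days = max_days.get(log_type)
        if days is not None and not MAX_DAYS_RANGE[0] <= days <= MAX_DAYS_RANGE[1]:
            problems.append(f"{log_type}: Max Days {days} outside 1-2000")
        for name, part_mb in firewalls.items():
            got = quota_mb(pct, part_mb)
            if got < MIN_QUOTA_MB:
                problems.append(f"{log_type} on {name}: {pct}% = {got:.1f} MB, "
                                f"need >= {min_percent(part_mb)}%")
    return problems

# Constructed sample data: hypothetical firewall names and partition sizes.
FIREWALLS = {"fw-vm-01": 2048, "fw-5220-01": 16384}
QUOTAS = {t: 1.0 for t in SCTP_LOG_TYPES}
MAX_DAYS = {"SCTP": 90, "SCTP Summary": 2500}

if __name__ == "__main__":
    for problem in check_template(QUOTAS, MAX_DAYS, FIREWALLS):
        print(problem)
```

Replace the sample partition sizes with the log partition sizes of the firewalls in the Device Group; an empty result means every SCTP quota reaches 32MB on every listed firewall.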