
Manage SCTP from Panorama

Use Panorama™ to configure SCTP security for firewalls in a Device Group and then push the configuration to the Device Group. If your Panorama operates in legacy mode, allocate log storage quotas to store SCTP logs on a Panorama Log Collector.
  1. Log in to your Panorama virtual or M-Series appliance and enable SCTP security.
    1. Select Panorama > Setup > Management and edit the General Settings.
    2. Enable (select) SCTP Security.
    3. Click OK.
  2. (Panorama in legacy mode only) Allocate log quotas for Panorama.
    If your Panorama uses legacy mode, the General Information on the Dashboard indicates SystemMode: legacy. In this case, SCTP log storage percentages for firewalls managed by Panorama are required or your commit will fail. The log storage allocations default to 1% but you can increase these allocations.
    1. Select Panorama > Setup > Management and edit Logging and Reporting Settings.
    2. On the Log Storage tab, for SCTP, enter a Quota (%) (default is 1%). Each SCTP log storage percentage you assign must equate to a minimum of 32MB, as shown to the right of the percentage.
      You should assign sufficient disk space for SCTP logs based on the number of firewalls you configured with SCTP security that this Panorama appliance is managing.
    3. (Optional) The Max Days that Panorama keeps SCTP logs is unlimited by default, but you can specify a limit for the number of days (range is 1 to 2,000).
    4. For SCTP Summary, enter a Quota (%) equivalent to a minimum of 32MB (default is 1%). The Max Days that the firewall keeps SCTP Summary logs is unlimited by default, but you can specify a limit for the number of days (range is 1 to 2,000).
    5. Enter Quota (%) and Max Days for Hourly SCTP Summary, Daily SCTP Summary, and Weekly SCTP Summary, with each percentage equivalent to at least 32MB (default is 1%).
    6. Click OK.
    If your Panorama uses Panorama mode, the General Information on the Dashboard displays SystemMode: panorama. In this case, you do not need to configure any separate SCTP log quotas.
  3. Create a Device Group. Select Panorama > Device Groups and Add a Device Group that includes the managed firewalls, as described in the Panorama 8.1 Administrator’s Guide.
  4. Create an SCTP Protection profile for the Device Group.
    1. Select Objects > Security Profiles > SCTP Protection.
    2. Select the Device Group you created.
    3. Add an SCTP Protection profile for the Device Group using the same procedure you use when you Configure SCTP Security on a firewall.
  5. Apply the SCTP Protection profile to a Security policy rule.
  6. Create a Panorama template stack. Select Panorama > Templates and Add Stack, as discussed in the Panorama 8.1 Administrator’s Guide (Add a Template).
  7. Allocate SCTP log quotas for the template stack.
    1. Select Device and, for Template, select the template stack you created.
    2. Select Setup > Management and edit Logging and Reporting Settings.
      • (VM-Series only) Select Single Disk Storage and Log Storage Quota.
      • (PA-5200 Series only) Select Multi Disk Storage > Session Log Storage and Session Log Quota.
    3. For SCTP, enter a Quota (%) (default is 0%). Each SCTP log storage percentage you assign must equate to a minimum of 32MB on the firewall model to which you push the template. Panorama does not know the size of the log partition on the destination firewall, so no equivalent number of bytes is displayed. However, if you try to Commit All Changes, your attempt will fail if the template is pushed to any firewall where the calculation of disk quota does not meet the minimum requirement of 32MB.
    4. The Max Days that Panorama keeps SCTP logs is unlimited by default, but you can specify a limit for the number of days (range is 1 to 2,000).
    5. For SCTP Summary, enter a Quota (%) that is equivalent to a minimum of 32MB (default is 0%). The Max Days that the firewall keeps SCTP Summary logs is unlimited by default, but you can specify a limit for the number of days (range is 1 to 2,000).
    6. Enter Quota (%) and Max Days for Hourly SCTP Summary, Daily SCTP Summary, and Weekly SCTP Summary, with each percentage equivalent to a minimum of 32MB.
    7. Click OK.
  8. Select Commit and Push to Devices to push the SCTP configuration to firewalls in the Device Group.
    Push an SCTP configuration only to firewalls where SCTP Security is enabled; for those firewalls that do not have SCTP enabled, the commit and push will fail. If the commit fails, enable SCTP Security on the firewalls and Commit from Panorama again.
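
Because Panorama cannot show the byte equivalent of a template stack quota (step 7), the 32MB rule can be checked offline before you Commit and Push. The following is an added example, not part of the original documentation or any Palo Alto Networks tool. The firewall names, log partition sizes, and log-type keys are constructed, and it assumes 32MB means 32 × 2^20 bytes and that the quota is a plain percentage of the log partition; the firewall may round differently.

```python
# Pre-push check: does each SCTP quota (%) in a template stack reach 32MB
# on every destination firewall's log partition?

MIN_LOG_BYTES = 32 * 1024 * 1024  # 32MB minimum from the page; MB = 2**20 bytes is an assumption

# Hypothetical keys for the five SCTP log types named in step 7.
SCTP_LOG_TYPES = (
    "sctp",
    "sctp-summary",
    "hourly-sctp-summary",
    "daily-sctp-summary",
    "weekly-sctp-summary",
)


def min_quota_percent(partition_bytes):
    """Smallest whole-number quota (%) that yields at least 32MB."""
    # Integer ceiling division avoids floating-point rounding.
    return -(-MIN_LOG_BYTES * 100 // partition_bytes)


def check_template_quotas(quotas, partitions):
    """Return (firewall, log type, configured %, required %) for each shortfall.

    quotas:     {log type: quota %}; a missing key counts as the template
                stack default of 0%.
    partitions: {firewall name: log partition size in bytes}.
    """
    failures = []
    for firewall, size in sorted(partitions.items()):
        required = min_quota_percent(size)
        for log_type in SCTP_LOG_TYPES:
            configured = quotas.get(log_type, 0)
            if configured * size < MIN_LOG_BYTES * 100:
                failures.append((firewall, log_type, configured, required))
    return failures


if __name__ == "__main__":
    # Constructed sample data: one small and one large log partition.
    partitions = {"fw-small": 2 * 1024**3, "fw-large": 100 * 1024**3}
    quotas = {"sctp": 2, "sctp-summary": 1,
              "hourly-sctp-summary": 1, "daily-sctp-summary": 1}
    for fw, log_type, have, need in check_template_quotas(quotas, partitions):
        print(f"{fw}: {log_type} quota {have}% is below 32MB, needs >= {need}%")
```

Any line of output identifies a firewall and log type that would cause the commit failure described in step 7.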