Firewalls allow you to secure SCTP traffic by inspecting messages; by filtering SCTP, Diameter, and SS7 chunks; and by protecting against SCTP INIT packet flooding.
Stream Control Transmission Protocol (SCTP) is a reliable message-based transport protocol (number 132) that sends multiple streams of signaling, voice, and other data simultaneously. Mobile networks use SCTP to transport signaling traffic on various interfaces, such as S1-MME, S6a, and X2.
You use the multilayered approach of your firewall to secure your SCTP traffic. You can filter SCTP traffic based on payload protocol IDs (PPIDs). You can apply granular-level filtering on Diameter traffic over SCTP and SS7 traffic over SCTP. You can validate SCTP packets to ensure they comply with RFC 4960. You can also protect against flooding of SCTP initiation (INIT) packets. In the case of mobile networks, these SCTP security measures help to prevent attackers from causing network congestion and outages that disrupt data and voice services of mobile subscribers and IoT devices connected to these networks. Additionally, you can view SCTP logs, ACC information, and reports to verify configurations and gain visibility into the SCTP events and traffic between two endpoints.
Only PA-5200 Series and VM-Series firewalls support SCTP security in PAN-OS 8.1 releases.
- Enable SCTP security.
  - Select Device > Setup > Management and edit the General Settings to enable SCTP Security.
  - Click OK.
- Create an SCTP Protection profile and specify the checks and filters you want to apply to SCTP traffic.
  - Add a profile by Name (Objects > Security Profiles > SCTP Protection).
  - Select SCTP Inspection to configure the action the firewall takes on unknown chunks, non-compliant chunks, and chunks of invalid length. Generating a log to alert you and blocking packets that have invalid chunks help you secure your SCTP traffic.
  - Select the Log Settings for the profile: options to generate SCTP logs for allowed chunks, association start or end, and state failure events.
  - Select Filtering Options for the profile so you can filter protocols running on top of SCTP.
    - Add SCTP filters to allow, block, or generate an alert for PPIDs.
    - Add Diameter filters to allow, block, or generate an alert for Diameter Application IDs, Command Codes, and Attribute/Value Pairs.
    - Add SS7 filters to allow, block, or generate an alert for SS7 chunks based on SCCP Calling Party SSN, SCCP Calling Party GT, and Operation Codes.
- Apply the SCTP Protection profile to a security policy.
  - Select Policies > Security and select a Security policy rule.
  - Select Actions and in the Profile Setting section, select the SCTP Protection profile you created. Configure the rest of the Security policy rule and save it.
- Allocate SCTP log storage on the firewall if you want to capture SCTP logs.
  - Select Device > Setup > Management, edit the Logging and Reporting Settings, and select Log Storage. Enter quota percentages for SCTP, SCTP Summary, and the SCTP hourly, daily, and weekly summaries.
- View information about your SCTP traffic.
  - Select Monitor > Logs > SCTP to view the SCTP logs and detailed logs.
  - Select Monitor > Logs > Traffic and select the Detailed Log View for a log where the Application is sctp to view a detailed traffic log for an SCTP association.
  - Select ACC > Mobile Network Activity to view SCTP events and association activity.
  - View predefined reports about SCTP events and errors by selecting Device > Setup > Management. Edit the Logging and Reporting Settings section and, for Predefined Reports, select any of the SCTP reports.
  - Create a custom report on SCTP events by selecting Monitor > Manage Custom Reports and adding a custom report that uses the SCTP database.
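The chunk checks and PPID filtering that an SCTP Protection profile configures can be sketched in Python by walking the chunks of one RFC 4960 packet. This is an added example, not Palo Alto Networks code and not how PAN-OS implements inspection; the policy table, function names, and sample-packet builders are constructed for illustration, and the CRC32c checksum is not verified.

```python
import struct

# Chunk types defined in RFC 4960 (0 = DATA ... 14 = SHUTDOWN COMPLETE).
KNOWN_CHUNK_TYPES = set(range(15))
DATA = 0
# Hypothetical policy keyed by IANA PPID: 18 = S1AP, 46 = Diameter, 3 = M3UA.
PPID_POLICY = {18: "allow", 46: "alert", 3: "block"}
DEFAULT_ACTION = "block"


def inspect_sctp(packet: bytes) -> list:
    """Walk the chunks of one SCTP packet; return (finding, action) tuples."""
    if len(packet) < 12:
        return [("truncated common header", "block")]
    findings, offset = [], 12  # skip ports, verification tag, checksum
    while offset < len(packet):
        if len(packet) - offset < 4:
            findings.append(("truncated chunk header", "block"))
            break
        ctype, _flags, length = struct.unpack_from("!BBH", packet, offset)
        if length < 4 or offset + length > len(packet):
            findings.append((f"chunk type {ctype}: invalid length {length}", "block"))
            break  # cannot locate the next chunk reliably
        if ctype not in KNOWN_CHUNK_TYPES:
            findings.append((f"unknown chunk type {ctype}", "block"))
        elif ctype == DATA:
            if length < 17:  # 16-byte DATA header plus at least 1 byte of user data
                findings.append(("DATA chunk too short", "block"))
            else:
                ppid = struct.unpack_from("!I", packet, offset + 12)[0]
                findings.append((f"DATA ppid={ppid}", PPID_POLICY.get(ppid, DEFAULT_ACTION)))
        offset += (length + 3) & ~3  # chunks are padded to a 4-byte boundary
    return findings


def data_chunk(ppid: int, payload: bytes) -> bytes:
    """Constructed DATA chunk: TSN 1, stream 0, sequence 0, B and E flags set."""
    return struct.pack("!BBHIHHI", DATA, 0x03, 16 + len(payload), 1, 0, 0, ppid) + payload


def build_packet(*chunks: bytes) -> bytes:
    """Constructed packet: ports 36412, arbitrary tag, checksum left as zero."""
    header = struct.pack("!HHII", 36412, 36412, 0x11223344, 0)
    return header + b"".join(c + b"\x00" * (-len(c) % 4) for c in chunks)
```

A PPID that is absent from the table falls through to the default action, which mirrors a deny-by-default filter list.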