Firewalls allow you to secure SCTP traffic by inspecting messages; by filtering SCTP, Diameter, and SS7 chunks; and by protecting against SCTP INIT packet flooding.
Stream Control Transmission Protocol (SCTP) is a reliable message-based transport protocol (number 132) that sends multiple streams of signaling, voice, and other data simultaneously. Mobile networks use SCTP to transport signaling traffic on various interfaces, such as S1-MME, S6a, and X2.
You use the multilayered approach of your firewall to secure your SCTP traffic. You can filter SCTP traffic based on payload protocol IDs (PPIDs). You can apply granular-level filtering on Diameter traffic over SCTP and SS7 traffic over SCTP. You can validate SCTP packets to ensure they comply with RFC 4960. You can also protect against flooding of SCTP initiation (INIT) packets. In the case of mobile networks, these SCTP security measures help to prevent attackers from causing network congestion and outages that disrupt data and voice services of mobile subscribers and IoT devices connected to these networks. Additionally, you can view SCTP logs, ACC information, and reports to verify configurations and gain visibility into the SCTP events and traffic between two endpoints.
Only PA-5200 Series and VM-Series firewalls support SCTP security in PAN-OS 8.1 releases.
- Enable SCTP security.
  - Select Device > Setup > Management and edit the General Settings to enable SCTP Security.
- Create an SCTP Protection profile and specify the checks and filters you want to apply to SCTP traffic.
  - Select Objects > Security Profiles > SCTP Protection and Add a profile by Name.
  - Select SCTP Inspection to configure the action the firewall takes on unknown chunks, non-compliant chunks, and chunks of invalid length. Generating a log to alert you and blocking packets that have invalid chunks help you secure your SCTP traffic.
  - Select the Log Settings for the profile: options to generate SCTP logs for allowed chunks, association start or end, and state failure events.
  - Select Filtering Options for the profile so you can filter protocols running on top of SCTP.
    - Add SCTP filters to allow, block, or generate an alert for PPIDs.
    - Add Diameter filters to allow, block, or generate an alert for Diameter Application IDs, Command Codes, and Attribute/Value Pairs.
    - Add SS7 filters to allow, block, or generate an alert for SS7 chunks based on SCCP Calling Party SSN, SCCP Calling Party GT, and Operation Codes.
- Apply the SCTP Protection profile to a security policy rule.
  - Select Policies > Security and select a Security policy rule.
  - Select Actions and in the Profile Setting section, select the SCTP Protection profile you created. Configure the rest of the Security policy rule and save it.
- Allocate SCTP log storage on the firewall if you want to capture SCTP logs. Select Device > Setup > Management, edit the Logging and Reporting Settings, and select Log Storage. Enter quota percentages for SCTP, SCTP Summary, and the SCTP hourly, daily, and weekly summaries.
- View information about your SCTP traffic.
  - Select Monitor > Logs > SCTP to view the SCTP logs and detailed logs.
  - Select Monitor > Logs > Traffic and select the Detailed Log View for a log where the Application is sctp to view a detailed traffic log for an SCTP association.
  - Select ACC > Mobile Network Activity to view SCTP events and association activity.
  - View predefined reports about SCTP events and errors by selecting Device > Setup > Management. Edit the Logging and Reporting Settings section and, for Predefined Reports, select any of the SCTP reports.
  - Create a custom report on SCTP events by selecting Monitor > Manage Custom Reports and adding a custom report that uses the SCTP database.
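To make the SCTP Inspection and PPID filter settings above concrete, the following added example (not PAN-OS code or output) walks the chunks of one SCTP packet as laid out in RFC 4960 and reports unknown chunk types, invalid lengths, and the PPID of each DATA chunk. The policy table, the default action, the actions chosen for each finding, and the sample packet are assumptions made for illustration; the checksum is not verified.

```python
import struct

KNOWN_CHUNK_TYPES = set(range(15))  # RFC 4960 section 3.2: 0 (DATA) to 14 (SHUTDOWN COMPLETE)
# Hypothetical policy for this example, keyed by IANA-assigned PPID.
PPID_POLICY = {18: "allow", 46: "alert", 3: "block"}  # S1AP, Diameter, M3UA
DEFAULT_ACTION = "block"  # assumed action for PPIDs not listed in the policy

def inspect(packet, policy=PPID_POLICY):
    """Walk the chunks of one SCTP packet; return (finding, action) per chunk."""
    if len(packet) < 12:
        return [("truncated common header", "block")]
    verdicts, off = [], 12  # skip ports, verification tag and checksum
    while off < len(packet):
        if len(packet) - off < 4:
            verdicts.append(("trailing bytes shorter than a chunk header", "block"))
            break
        ctype, _flags, clen = struct.unpack_from("!BBH", packet, off)
        if clen < 4 or off + clen > len(packet):
            verdicts.append((f"chunk type {ctype}: invalid length {clen}", "block"))
            break  # length is untrustworthy, so the next chunk boundary is unknown
        if ctype not in KNOWN_CHUNK_TYPES:
            verdicts.append((f"unknown chunk type {ctype}", "alert"))
        elif ctype == 0 and clen <= 16:  # DATA is a 16-byte header plus user data
            verdicts.append(("DATA chunk without user data", "block"))
        elif ctype == 0:
            (ppid,) = struct.unpack_from("!I", packet, off + 12)
            verdicts.append((f"DATA PPID {ppid}", policy.get(ppid, DEFAULT_ACTION)))
        else:
            verdicts.append((f"control chunk type {ctype}", "allow"))
        off += (clen + 3) & ~3  # chunks are padded to a 4-byte boundary
    return verdicts

def chunk(ctype, body, length=None):
    """Build a chunk; `length` overrides the length field to forge a bad one."""
    real = 4 + len(body)
    raw = struct.pack("!BBH", ctype, 0, real if length is None else length) + body
    return raw + b"\x00" * (-real % 4)

def data(ppid, payload):
    return chunk(0, struct.pack("!IHHI", 1, 0, 0, ppid) + payload)

# Constructed sample: common header, S1AP DATA, Diameter DATA, unknown chunk, forged length.
SAMPLE = (struct.pack("!HHII", 36412, 36412, 0xDEADBEEF, 0)
          + data(18, b"s1ap") + data(46, b"diam!") + chunk(200, b"\x00" * 4)
          + chunk(4, b"hb", length=400))

if __name__ == "__main__":
    for finding, action in inspect(SAMPLE):
        print(f"{action:6} {finding}")
```

Parsing stops at the first chunk with an invalid length because every later chunk boundary depends on that field.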