Manage SCTP from Panorama

Use Panorama™ to configure SCTP security for firewalls in a Device Group and then push the configuration to the Device Group. If your Panorama operates in legacy mode, allocate log storage quotas to store SCTP logs on a Panorama Log Collector.
  1. Log in to your Panorama virtual or M-Series appliance and enable SCTP security.
    1. Select Panorama > Setup > Management and edit the General Settings.
    2. Enable (select) SCTP Security.
    3. Click OK.
  2. (Panorama in legacy mode only) Allocate log quotas for Panorama.
    If your Panorama uses legacy mode, the General Information on the Dashboard indicates System Mode: legacy. In this case, SCTP log storage percentages for firewalls managed by Panorama are required or your commit will fail. The log storage allocations default to 1% but you can increase these allocations.
    1. Select Panorama > Setup > Management and edit Logging and Reporting Settings.
    2. On the Log Storage tab, for SCTP, enter a Quota (%) (default is 1%). Each SCTP log storage percentage you assign must equate to a minimum of 32MB, as shown to the right of the percentage.
      You should assign sufficient disk space for SCTP logs based on the number of firewalls you configured with SCTP security that this Panorama appliance is managing.
    3. (Optional) The Max Days that Panorama keeps SCTP logs is unlimited by default, but you can specify a limit for the number of days (range is 1 to 2,000).
    4. For SCTP Summary, enter a Quota (%) equivalent to a minimum of 32MB (default is 1%). The Max Days that the firewall keeps SCTP Summary logs is unlimited by default, but you can specify a limit for the number of days (range is 1 to 2,000).
    5. Enter Quota (%) and Max Days for Hourly SCTP Summary, Daily SCTP Summary, and Weekly SCTP Summary, with each percentage equivalent to at least 32MB (default is 1%).
    6. Click OK.
    If your Panorama uses Panorama mode, the General Information on the Dashboard displays System Mode: panorama. In this case, you do not need to configure any separate SCTP log quotas.
  3. Create a Device Group. Select Panorama > Device Groups and Add a Device Group that includes the managed firewalls, as described in the Panorama 8.1 Administrator’s Guide.
  4. Create an SCTP Protection profile for the Device Group.
    1. Select Objects > Security Profiles > SCTP Protection.
    2. In the drop-down, select the Device Group you created.
    3. Add an SCTP Protection profile for the Device Group using the same procedure you use when you Configure SCTP Security on a firewall.
  5. Apply the SCTP Protection profile to a Security policy rule.
  6. Create a Panorama template stack. Select Panorama > Templates and Add Stack, as discussed in the Panorama 8.1 Administrator’s Guide (Add a Template).
  7. Allocate SCTP log quotas for the template stack.
    1. Select Device and, for Template, select the template stack you created.
    2. Select Setup > Management and edit Logging and Reporting Settings.
      • (VM-Series only) Select Single Disk Storage and Log Storage Quota.
      • (PA-5200 Series only) Select Multi Disk Storage > Session Log Storage and Session Log Quota.
    3. For SCTP, enter a Quota (%) (default is 0%). Each SCTP log storage percentage you assign must equate to a minimum of 32MB on the firewall model to which you push the template. Panorama does not know the size of the log partition on the destination firewall, so no equivalent number of bytes is displayed. However, if you try to Commit All Changes, your attempt will fail if the template is pushed to any firewall where the calculation of disk quota does not meet the minimum requirement of 32MB.
    4. The Max Days that Panorama keeps SCTP logs is unlimited by default, but you can specify a limit for the number of days (range is 1 to 2,000).
    5. For SCTP Summary, enter a Quota (%) that is equivalent to a minimum of 32MB (default is 0%). The Max Days that the firewall keeps SCTP Summary logs is unlimited by default, but you can specify a limit for the number of days (range is 1 to 2,000).
    6. Enter Quota (%) and Max Days for Hourly SCTP Summary, Daily SCTP Summary, and Weekly SCTP Summary, with each percentage equivalent to a minimum of 32MB.
    7. Click OK.
  8. Select Commit and Push to Devices to push the SCTP configuration to firewalls in the Device Group.
    Push an SCTP configuration only to firewalls where SCTP Security is enabled; for those firewalls that do not have SCTP enabled, the commit and push will fail. If the commit fails, enable SCTP Security on the firewalls and Commit from Panorama again.
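
Because Panorama cannot show the byte equivalent of a template-stack quota (step 7), the 32MB minimum can be checked before the push. The following is an added example, not Palo Alto Networks code: it assumes each firewall computes a quota as a percentage of its log partition size, and the firewall names and partition sizes are constructed placeholders.

```python
# Added example: pre-push check of template-stack SCTP log quotas.
# Assumption: a firewall computes each quota as percent x log partition size,
# and "32MB" is compared in the same MB unit as the partition size.
MIN_QUOTA_MB = 32  # minimum per SCTP log type, from the procedure

# Quota (%) values entered in the template stack (constructed sample).
TEMPLATE_QUOTAS = {
    "SCTP": 2,
    "SCTP Summary": 1,
    "Hourly SCTP Summary": 1,
    "Daily SCTP Summary": 1,
    "Weekly SCTP Summary": 1,
}

# Log partition size per target firewall in MB. Hypothetical names and
# constructed sizes, not real model specifications; read the real sizes
# from each firewall before relying on the result.
FIREWALL_LOG_PARTITION_MB = {"fw-vm-small": 2048, "fw-large": 16384}


def quota_mb(partition_mb, percent):
    """Disk space in MB that a percentage quota yields on one firewall."""
    return partition_mb * percent / 100


def min_whole_percent(partition_mb):
    """Smallest whole-number percentage that yields at least 32 MB."""
    return -(-MIN_QUOTA_MB * 100 // partition_mb)  # integer ceiling division


def find_failures(quotas, partitions):
    """Return (firewall, log type, percent, resulting MB, percent needed)
    for every quota that falls below the 32 MB minimum."""
    failures = []
    for fw, size in sorted(partitions.items()):
        for log_type, pct in quotas.items():
            mb = quota_mb(size, pct)
            if mb < MIN_QUOTA_MB:
                failures.append((fw, log_type, pct, mb, min_whole_percent(size)))
    return failures


if __name__ == "__main__":
    for fw, log_type, pct, mb, need in find_failures(
            TEMPLATE_QUOTAS, FIREWALL_LOG_PARTITION_MB):
        print(f"{fw}: {log_type} at {pct}% = {mb:.2f} MB "
              f"(< {MIN_QUOTA_MB} MB); needs at least {need}%")
```

Any firewall the check reports would cause the push to fail under the stated assumption, so raise the quota in the template stack or move that firewall to a stack with larger percentages.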
