Monitor SCTP Security
Monitor SCTP traffic by viewing logs, ACC displays generated from SCTP logs, and predefined and custom reports.
You can enable SCTP association start logs and end logs for SCTP endpoints configured in a Security policy rule from an SCTP Protection profile. All other SCTP traffic logs are event-based logs that are generated based on the options you enable in the SCTP Protection profile.
To help you monitor SCTP traffic, the firewall uses the SCTP logs to create a visual display on the Mobile Network Activity tab in the ACC. The firewall also gives you predefined reports and the ability to generate custom reports.
View the SCTP logs to verify that your SCTP Protection profile settings are securing SCTP traffic as you intend and to see information on the wide range of SCTP attributes, including SCTP event type, chunk type, payload protocol ID, SCTP cause code, association ID, stream ID, and chunks, in addition to the general information that the firewall identifies, such as source and destination address, source and destination port, and timestamp. You can run predefined and custom reports on SCTP logs.
- View SCTP logs to see, for example, source and destination IP addresses of SCTP traffic, whether control chunks were allowed, whether data chunks were filtered by their PPID, and when SCTP associations started and ended.
  - Select Monitor > Logs > SCTP.
  - Select the Detailed Log View for a specific log to view details about that log, such as the names of the Security policy rule and the SCTP filter that applied to the packets, the Verification Tags, the Diameter Application ID, the Diameter Command Code, and the SCCP Calling Party SSN.
- View a detailed traffic log for an SCTP association, including the name of the Security policy rule that applied to the packet, the association ID, and the numbers of chunks sent and received.
  - Select Monitor > Logs > Traffic and, in the filter field, enter app eq sctp, then apply the filter to the traffic logs.
  - Select the Detailed Log View for a specific log where the Application is sctp.
- (Optional) Clear SCTP logs based on your operational
  - Select Device > Log Settings.
  - In the Manage Logs section, Clear SCTP Logs.
- Use ACC to view SCTP events and association activity.
  - Select ACC > Mobile Network Activity.
  - Select the Virtual System you want to view or select All (default).
  - Select a Time period.
  - In the SCTP Events window, select an association ID to see details of that association, such as chunks, source address, and destination address.
- View predefined reports about SCTP events and errors.
  - Select Device > Setup > Management.
  - Edit the Logging and Reporting Settings and select Pre-Defined Reports.
  - In the SCTP Report section, select any of the following: SCTP Events Summary, SCTP Security Events, or SCTP Error Causes (enabled by default).
  - Click OK.
- Create a custom report on SCTP events.
  - Select Monitor > Manage Custom Reports and Add a custom report.
  - Enter a Name for the report.
  - For the Database, select SCTP from Summary Databases or Detailed Logs (Slower).
  - Generate Custom Reports to create your report and build queries based on SCTP elements, such as Chunk Type, PPID, and SCTP Event Type.
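The same check on association start and end logs and on PPID filtering can be run offline against exported SCTP logs. This is an added example, not Palo Alto Networks code; it assumes a CSV export, and the column names, event values, and sample rows are constructed for illustration and must be mapped to the fields in your own export.

```python
import csv
import io
from collections import Counter

# Constructed sample of an SCTP log export. The column names and event values
# are assumptions made for this example, not the firewall's actual schema.
SAMPLE_EXPORT = """\
time,src,dst,assoc_id,event_type,chunk_type,ppid
2024-05-01 10:00:00,10.0.0.5,10.0.1.9,1001,association-start,,
2024-05-01 10:00:02,10.0.0.5,10.0.1.9,1001,filtered,DATA,46
2024-05-01 10:00:03,10.0.0.5,10.0.1.9,1001,filtered,DATA,46
2024-05-01 10:00:09,10.0.0.5,10.0.1.9,1001,association-end,,
2024-05-01 10:01:00,10.0.0.7,10.0.1.9,1002,association-start,,
2024-05-01 10:01:04,10.0.0.7,10.0.1.9,1002,filtered,DATA,3
2024-05-01 10:02:00,10.0.0.8,10.0.1.9,1003,association-end,,
"""


def summarize(export_text):
    """Pair association start/end logs and count filtered DATA chunks per PPID."""
    started, ended = set(), set()
    filtered_by_ppid = Counter()
    for row in csv.DictReader(io.StringIO(export_text)):
        assoc = row["assoc_id"]
        event = row["event_type"]
        if event == "association-start":
            started.add(assoc)
        elif event == "association-end":
            ended.add(assoc)
        elif event == "filtered" and row["chunk_type"] == "DATA" and row["ppid"]:
            filtered_by_ppid[int(row["ppid"])] += 1
    return {
        # Start log with no end log: association still open, or end log missing.
        "open": sorted(started - ended),
        # End log with no start log: the association began before the export
        # window, or start logging is not enabled for that endpoint.
        "end_without_start": sorted(ended - started),
        "filtered_by_ppid": dict(filtered_by_ppid),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_EXPORT).items():
        print(f"{key}: {value}")
```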