Fortinet black logo

Handbook

SCTP Firewall

6.0.0
Copy Link
Copy Doc ID 4afb0436-a998-11e9-81a4-00505692583a:395484
Download PDF

SCTP Firewall

FortiGate stateful firewalls will protect and inspect SCTP traffic, according to RFC4960. SCTP over IPsec VPN is also supported. The FortiGate device is inserted as a router between SCTP endpoints. It checks SCTP Syntax for the following information:

  • Source and destination port
  • Verification Tag
  • Chunk type, chunk flags, chunk length
  • Sequence of chunk types
  • Associations

The firewall also oversees and maintains several SCTP security mechanisms:

  • SCTP four-way handshake
  • SCTP heartbeat
  • NAT over SCTP

The firewall has IPS DoS protection against known threats to SCTP traffic, including INIT/ACK flood attacks, and SCTP fuzzing.

SCTP Firewall

FortiGate stateful firewalls will protect and inspect SCTP traffic, according to RFC4960. SCTP over IPsec VPN is also supported. The FortiGate device is inserted as a router between SCTP endpoints. It checks SCTP Syntax for the following information:

  • Source and destination port
  • Verification Tag
  • Chunk type, chunk flags, chunk length
  • Sequence of chunk types
  • Associations

The firewall also oversees and maintains several SCTP security mechanisms:

  • SCTP four-way handshake
  • SCTP heartbeat
  • NAT over SCTP

The firewall has IPS DoS protection against known threats to SCTP traffic, including INIT/ACK flood attacks, and SCTP fuzzing.