Properties

SCTPEnabled

Whether to enable SCTP support. When set to "No", IP services such as the "all_services" still allow SCTP traffic, but it will be forwarded as a raw IP protocol without any SCTP-specific handling or validation. (Default: Yes)

SCTPMinInitWindowCredit

Minimum allowed advertised window credit during the initial negotiation. This represents the maximum amount of user data that can be received (in bytes). Lower values than 1500 will break RFC 4960. (Default: 1500)

SCTPMaxHandshake

Maximum allowed state-tracked concurrent attempts to setup new SCTP associations; including association restarts. (Default: 1500)

SCTPMaxAssocLinks

Maximum allowed concurrent state-tracked SCTP association links. Each state-tracked SCTP association uses one association link for each combination of source and destination IP alias. The maximum number of IP aliases is ultimately restricted by the SCTP Service object. (Default: 1048576)

SCTPHandshakeLifetime

Maximum lifetime (in seconds) of the setup phase for a state-tracked SCTP association. This should be the maximum time needed for the INIT/INIT-ACK/COOKIE-ECHO/COOKIE-ACK handshake. (Default: 4)

SCTPShutdownLifetime

Maximum lifetime (in seconds) of the shutdown phase for a state-tracked SCTP association. See "T5-shutdown-guard" in Section 9.2 of RFC 4960 for details. (Default: 80)

SCTPIdleLifetime

Maximum idle lifetime (in seconds) for an established state-tracked SCTP association. The association is idle when it has no flows. (Default: 604800)

SCTPNonZeroPadding

Decides how to handle non-zero padding. (Default: StripLog)

SCTPPaddingInsideChunk

Decides how to handle padding inside a chunk. (Default: Log)

SCTPPaddingChunk

Decides how to handle padding chunk. (Default: Log)

SCTPValidateChecksum

How to handle the SCTP checksum. (Default: KeyPacketsOnly)

SCTPUnknownAddressType

What to do when the "supported address types" parameter contains unknown address types. (Default: StripLog)

SCTPLogFormatError

Decides how the device will log SCTP packets with incorrect structure or with wellknown chunk and parameter types that has invalid length (the packet will always be dropped). (Default: ObeyRule)

SCTPLogUnknownMandChunk

Decides how the device will log unknown but mandatory SCTP chunk types. (Default: ObeyRule)

SCTPLogUnknownOptChunk

Decides how the device will log unknown and optional SCTP chunk types. (Default: ObeyRule)

SCTPLogUnknownMandParam

Decides how the device will log unknown but mandatory SCTP chunk parameter types. (Default: ObeyRule)

SCTPLogUnknownOptParam

Decides how the device will log unknown and optional SCTP chunk parameter types. (Default: ObeyRule)

SCTPUnknownMandChunk

Decides how to handle unknown but mandatory SCTP chunk types; what RFC 4960 mentions as the "highest-order type bits 00" in Section 3.2. The behavior stated in the RFC roughly translates into "silently ignore the remaining chunks of this packet". (Default: Allow)

SCTPUnknownMandChunkNotify

Decides how to handle unknown but mandatory SCTP chunk types where the peer demands to be notified on failure; what RFC 4960 mentions as the "highest-order type bits 01" in Section 3.2. The behavior stated in the RFC roughly translates into "ignore the remaining chunks of this packet and send error notification about this to peer". (Default: Allow)

SCTPUnknownOptChunk

Decides how to handle unknown and optional SCTP chunk types; what RFC 4960 mentions as the "highest-order type bits 10" in Section 3.2. The behavior stated in the RFC roughly translates into "silently ignore this chunk". (Default: Allow)

SCTPUnknownOptChunkNotify

Decides how to handle unknown and optional SCTP chunk types where the peer demands to be notified on failure; what RFC 4960 mentions as the "highest-order type bits 11" in Section 3.2. The behavior stated in the RFC roughly translates into "ignore this particular chunk and send error notification about this to peer". (Default: Allow)

SCTPUnknownMandParam

Decides how to handle unknown but mandatory SCTP chunk parameter types; what RFC 4960 mentions as the "highest-order type bits 00" in Section 3.2.1. The behavior stated in the RFC roughly translates into "ignore the remaining parameters of this chunk". (Default: Allow)

SCTPUnknownMandParamNotify

Decides how to handle unknown but mandatory SCTP chunk parameter types where the peer demands to be notified on failure; what RFC 4960 mentions as the "highest-order type bits 01" in Section 3.2.1. The behavior stated in the RFC roughly translates into "ignore the remaining parameters of this chunk and send error notification about this to peer". (Default: Allow)

SCTPUnknownOptParam

Decides how to handle unknown and optional SCTP chunk parameter types; what RFC 4960 mentions as the "highest-order type bits 10" in Section 3.2.1. The behavior stated in the RFC roughly translates into "silently ignore this particular parameter". (Default: Allow)

SCTPUnknownOptParamNotify

Decides how to handle unknown and optional SCTP chunk parameter types where the peer demands to be notified on failure; what RFC 4960 mentions as the "highest-order type bits 11" in Section 3.2.1. The behavior stated in the RFC roughly translates into "ignore this particular parameter and send error notification about this to peer". (Default: Allow)

SCTPMultihoming

Decides how to handle 'IPv4' and 'IPv6' address parameters for multihoming purposes when stateless SCTP is in use. In case of stateful SCTP the 'IPv4' or 'IPv6' address parameters that do not match the IP rule used or that exceed the maximum limit of IP aliases set on the SCTP service used will always be stripped. (Default: UnrestrictLog)

SCTPHostNameAddressParam

Decides how to handle 'DNS' Host Name address parameters for multihoming purposes (note that a 'DNS' address is resolved by an external entity whose integrity is unknown). (Default: AllowLog)