3.85. ServiceSCTP

Description

An SCTP Service is a definition of the SCTP protocol with specific parameters (ports and the per-association limits listed below).

Properties

Name
Specifies a symbolic name for the service. (Identifier)
DestinationPorts
Specifies the destination port or the port ranges applicable to this service.
SourcePorts
Specifies the source port or the port ranges applicable to this service. (Default: 0-65535)
MaxOutboundStreams
The configured value will be used to clamp the value for the number of Outbound Streams in an INIT chunk, and the value for the number of Inbound Streams in an INIT ACK chunk. Does not affect firewall performance in any way, but endpoints have to allocate kernel resources for every stream being negotiated, even when it is not in active use. (Default: 10)
MaxInboundStreams
The configured value will be used to clamp the value for the number of Inbound Streams in an INIT chunk, and the value for the number of Outbound Streams in an INIT ACK chunk. Does not affect firewall performance in any way, but endpoints have to allocate kernel resources for every stream being negotiated, even when it is not in active use. (Default: 10)
MaxDataChunks
The maximum allowed number of SCTP DATA chunks in each SCTP packet. Packets violating this limit are dropped. Can be set to 1 to disable DATA chunk bundling support. The minimum size of a DATA chunk is 20 bytes (16-byte chunk header plus a 1-byte payload, padded to a 4-byte boundary), so it is possible to fit about 70 chunks into a common 1500-byte network packet. More DATA chunks per packet increase the cost of forwarding each packet, but also make better use of the network bandwidth than individual packets. (Default: 50)
MaxControlChunks
The maximum allowed number of SCTP control chunks (every chunk type other than DATA) in each SCTP packet. Packets violating this limit are dropped. (Default: 5)
MaxSourceAddresses
Maximum number of IP addresses the initiator of an association can use, including the primary IP. IP addresses that exceed this limit are stripped. The number of IP aliases has a profound effect on memory consumption. (Default: 2)
MaxDestAddresses
Maximum number of IP addresses the responder of an association can use, including the primary IP. IP addresses that exceed this limit are stripped. The number of IP aliases has a profound effect on memory consumption. (Default: 2)
PPIDFiltering
Specifies whether a blacklist or a whitelist is used for Payload Protocol Identifier (PPID) validation of SCTP DATA chunks. (Default: Blacklist)
Whitelist
Whitelist filter on Payload Protocol Identifier (PPID). If configured, only DATA chunks with these PPIDs will be allowed. SCTP associations carrying disallowed DATA chunks will be closed. Note: Whitelist and Blacklist are exclusive; only one of them can be configured at the same time. (Optional)
Blacklist
Blacklist filter on Payload Protocol Identifier (PPID). If configured, DATA chunks with these PPIDs will be disallowed, and all others allowed. SCTP associations carrying disallowed DATA chunks will be closed. Note: Whitelist and Blacklist are exclusive; only one of them can be configured at the same time. For the whitelist to be selectable, the blacklist must be disabled. (Optional)
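The chunk limits, INIT clamping, address stripping and PPID filtering described above are easier to reason about against real packet layout. The following is an added example, not code from this product or its documentation: it parses an SCTP packet per RFC 4960, applies MaxDataChunks/MaxControlChunks and the PPID whitelist or blacklist, and clamps the stream counts and address parameters of an INIT chunk. Function names, defaults and the sample packets are constructed for illustration; the primary address is taken from the IP header in practice, so the address limit passed to clamp_init is MaxSourceAddresses (or MaxDestAddresses) minus one.

```python
"""Added example: applying ServiceSCTP-style limits to an SCTP packet.
Illustrative only; chunk/parameter layout follows RFC 4960."""
import struct

CHUNK_DATA, CHUNK_INIT, CHUNK_INIT_ACK = 0, 1, 2
PARAM_IPV4, PARAM_IPV6 = 5, 6
COMMON_HEADER_LEN = 12   # src port, dst port, verification tag, checksum


def parse_chunks(packet):
    """Split an SCTP packet into (type, flags, value) tuples. The chunk length
    counts the 4-byte chunk header but not the padding to the next 4-byte boundary."""
    off, chunks = COMMON_HEADER_LEN, []
    while off + 4 <= len(packet):
        ctype, flags, length = struct.unpack_from("!BBH", packet, off)
        if length < 4 or off + length > len(packet):
            raise ValueError("malformed chunk length")
        chunks.append((ctype, flags, packet[off + 4:off + length]))
        off += (length + 3) & ~3
    return chunks


def inspect(packet, max_data_chunks=50, max_control_chunks=5,
            ppid_whitelist=None, ppid_blacklist=None):
    """'allow', 'drop' (packet violates MaxDataChunks/MaxControlChunks) or
    'close' (a DATA chunk carries a disallowed PPID: the association is torn
    down, not just the packet dropped)."""
    if ppid_whitelist is not None and ppid_blacklist is not None:
        raise ValueError("Whitelist and Blacklist are exclusive")
    chunks = parse_chunks(packet)
    data = [c for c in chunks if c[0] == CHUNK_DATA]
    if len(data) > max_data_chunks or len(chunks) - len(data) > max_control_chunks:
        return "drop"
    for _, _, value in data:
        if len(value) < 12:            # TSN(4) stream id(2) stream seq(2) PPID(4)
            return "drop"              # malformed DATA chunk
        ppid = struct.unpack_from("!I", value, 8)[0]
        if ppid_whitelist is not None and ppid not in ppid_whitelist:
            return "close"
        if ppid_blacklist is not None and ppid in ppid_blacklist:
            return "close"
    return "allow"


def clamp_init(value, max_os, max_mis, max_extra_addrs):
    """Clamp OS/MIS in an INIT or INIT ACK chunk value and strip address
    parameters beyond max_extra_addrs (MaxSourceAddresses - 1 for INIT,
    MaxDestAddresses - 1 for INIT ACK, since the primary IP is not a parameter).
    For INIT pass (MaxOutboundStreams, MaxInboundStreams); for INIT ACK swap them."""
    if len(value) < 16:
        raise ValueError("INIT chunk too short")
    tag, a_rwnd, os_, mis, tsn = struct.unpack_from("!IIHHI", value, 0)
    head = struct.pack("!IIHHI", tag, a_rwnd, min(os_, max_os), min(mis, max_mis), tsn)
    kept, off, addrs = [], 16, 0
    while off + 4 <= len(value):
        ptype, plen = struct.unpack_from("!HH", value, off)
        if plen < 4 or off + plen > len(value):
            raise ValueError("malformed parameter length")
        param = value[off:off + plen]
        off += (plen + 3) & ~3
        if ptype in (PARAM_IPV4, PARAM_IPV6):
            if addrs >= max_extra_addrs:
                continue               # surplus alias: stripped
            addrs += 1
        kept.append(param)
    # Re-pad every parameter except the last; the chunk length does not cover that padding.
    body = b"".join(p + b"\0" * (-len(p) % 4) for p in kept[:-1]) + (kept[-1] if kept else b"")
    return head + body


def max_data_chunks_per_packet(mtu=1500, ip_header=20, min_data_chunk=20):
    """Upper bound behind the 'about 70 chunks in a 1500-byte packet' remark."""
    return (mtu - ip_header - COMMON_HEADER_LEN) // min_data_chunk


# --- constructed sample traffic (not captured data) ---------------------------
def data_chunk(ppid, payload=b"x", tsn=1, sid=0, ssn=0):
    return (CHUNK_DATA, 0x03, struct.pack("!IHHI", tsn, sid, ssn, ppid) + payload)


def build_packet(chunks, src_port=9999, dst_port=9999, vtag=0x1234):
    """Assemble chunks behind a common header; checksum left zero (not checked here)."""
    out = struct.pack("!HHII", src_port, dst_port, vtag, 0)
    for ctype, flags, value in chunks:
        out += struct.pack("!BBH", ctype, flags, 4 + len(value)) + value
        out += b"\0" * (-len(value) % 4)
    return out


if __name__ == "__main__":
    pkt = build_packet([data_chunk(ppid=1), data_chunk(ppid=2)])
    print(inspect(pkt), inspect(pkt, ppid_whitelist={1}),
          inspect(build_packet([data_chunk(1)] * 51)))
    print(max_data_chunks_per_packet())
```

Note the asymmetry the property text describes: a packet over the chunk limits is simply dropped, whereas a disallowed PPID closes the whole association, so a whitelist typo is far more disruptive than a too-tight MaxDataChunks.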
PassICMPReturn
Enable passing an ICMP error message only if it is related to an existing connection using this service. (Default: No)
AppProto
Specifies the application protocol that controls what extended processing/validation is available for traffic using this service. (Optional)
Comments
Text describing the current object. (Optional)