SCTP Firewall
FortiGate stateful firewalls protect and inspect SCTP traffic in accordance with RFC 4960. SCTP over IPsec VPN is also supported. The FortiGate device is inserted as a router between SCTP endpoints. It checks SCTP syntax for the following information:
• Source and destination port
• Verification Tag
• Chunk type, chunk flags, chunk length
• Sequence of chunk types
• Associations
The firewall also oversees and maintains several SCTP security mechanisms:
• SCTP four-way handshake
• SCTP heartbeat
• NAT over SCTP
The firewall has IPS DoS protection against known threats to SCTP traffic, including INIT/ACK flood attacks and SCTP fuzzing.
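
The syntax checks listed above (verification tag, chunk length, sequence of chunk types) can be illustrated with a small stateless validator built on RFC 4960 rules. This is an added example, not FortiGate code; the function names, port 2905 and the sample packets are constructed for illustration, and association tracking and checksum verification are left out.

```python
import struct

# Chunk type values from RFC 4960, section 3.2
INIT, INIT_ACK, SHUTDOWN_COMPLETE = 1, 2, 14
LONE_CHUNKS = {INIT, INIT_ACK, SHUTDOWN_COMPLETE}  # must not be bundled (section 6.10)

def check_sctp_packet(pkt: bytes) -> list:
    """Return syntax violations for one SCTP packet; an empty list means it passes.
    The CRC32c checksum is not verified here."""
    if len(pkt) < 12:
        return ["truncated common header"]
    _sport, _dport, vtag, _cksum = struct.unpack("!HHII", pkt[:12])
    chunk_types, off = [], 12
    while off < len(pkt):
        if len(pkt) - off < 4:
            return ["truncated chunk header"]
        ctype, _flags, length = struct.unpack("!BBH", pkt[off:off + 4])
        # Chunk length counts the 4-byte chunk header but not the padding.
        if length < 4 or off + length > len(pkt):
            return [f"bad chunk length {length} at offset {off}"]
        chunk_types.append(ctype)
        off += (length + 3) & ~3  # next chunk starts on a 4-byte boundary
    if not chunk_types:
        return ["packet carries no chunks"]
    errors = []
    if len(chunk_types) > 1 and LONE_CHUNKS & set(chunk_types):
        errors.append("INIT, INIT ACK or SHUTDOWN COMPLETE bundled with other chunks")
    if INIT in chunk_types and vtag != 0:
        errors.append("INIT with non-zero verification tag")
    if vtag == 0 and chunk_types != [INIT]:
        errors.append("verification tag 0 on a packet that is not a lone INIT")
    return errors

def chunk(ctype, flags=0, value=b""):
    """Build one chunk, padded to a multiple of 4 bytes (helper for the samples)."""
    raw = struct.pack("!BBH", ctype, flags, 4 + len(value)) + value
    return raw + b"\x00" * (-len(raw) % 4)

def packet(sport, dport, vtag, *chunks):
    """Build a packet with a zero checksum field (helper for the samples)."""
    return struct.pack("!HHII", sport, dport, vtag, 0) + b"".join(chunks)

# Constructed sample packets, not captured traffic. Chunk type 0 is DATA.
GOOD_INIT = packet(2905, 2905, 0, chunk(INIT, value=bytes(16)))
BUNDLED_INIT = packet(2905, 2905, 0, chunk(INIT, value=bytes(16)), chunk(0, value=b"hello"))

if __name__ == "__main__":
    for name, pkt in [("GOOD_INIT", GOOD_INIT), ("BUNDLED_INIT", BUNDLED_INIT)]:
        print(name, check_sctp_packet(pkt) or "ok")
```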