How can I configure Service Objects?
10/31/2022
Description
Services are used to control network traffic: firewall rules reference them to allow or block traffic to the network. The device has default services and custom services:
- Default services:
Default services are predefined services with standard ports; they cannot be deleted. Each service has the following parameters:
  - Name: Service name
  - Protocol Type: Type of IP protocol
  - Port Range: Range of ports
- Custom services:
All custom services created are listed in the Custom Services table. You can create a group of services by creating a Custom Service Group for easy policy enforcement.
Custom services have the same parameters as default services.
You can add or edit custom services, and you can group them into service groups, which are also editable.
Protocols in the drop down
The following protocols and IP protocol numbers are supported and available in the drop-down:

| Protocol (IP number) | Name | Description |
|---|---|---|
| ICMP (1) | Internet Control Message Protocol | Internet Control Message Protocol, an extension to the Internet Protocol (IP). ICMP supports packets containing error, control, and informational messages. The PING command uses ICMP. |
| IGMP (2) | Internet Group Management Protocol | The Internet Group Management Protocol (IGMP) is an Internet protocol that provides a way for an Internet computer to report its multicast group membership to adjacent routers. |
| TCP (6) | Transmission Control Protocol | TCP is a standard that defines how to establish and maintain a network conversation via which application programs can exchange data. |
| UDP (17) | User Datagram Protocol | UDP (User Datagram Protocol) is a communications protocol that offers a limited amount of service when messages are exchanged between computers in a network that uses the Internet Protocol (IP). UDP is an alternative to the Transmission Control Protocol (TCP) and, together with IP, is sometimes referred to as UDP/IP. Like the Transmission Control Protocol, UDP uses the Internet Protocol to actually get a data unit (called a datagram) from one computer to another. |
| GRE (47) | Generic Routing Encapsulation | Generic Routing Encapsulation (GRE) is a protocol that encapsulates packets in order to route other protocols over IP networks. |
| ESP (50) | Encapsulating Security Payload | Encapsulating Security Payload (ESP) provides confidentiality, in addition to authentication, integrity, and anti-replay. |
| EIGRP (88) | Enhanced Interior Gateway Routing Protocol | Provides superior convergence properties and operating efficiency, and combines the advantages of link state protocols with those of distance vector protocols. |
| OSPF (89) | Open Shortest Path First | An interior gateway routing protocol developed for IP networks based on the shortest path first or link-state algorithm. |
| PIMSM (103) | Protocol Independent Multicast Sparse Mode | One of two PIM operational modes (dense and sparse). PIM sparse mode tries to constrain data distribution so that a minimal number of routers in the network receive it. Packets are sent only if they are explicitly requested at the RP (rendezvous point). In sparse mode, receivers are widely distributed, and the assumption is that downstream networks will not necessarily use the datagrams that are sent to them. The cost of using sparse mode is its reliance on the periodic refreshing of explicit join messages and its need for RPs. |
| L2TP (115) | Layer 2 Tunneling Protocol | A protocol that allows a PPP session to run over the Internet. L2TP does not include encryption, but defaults to using IPSec in order to provide virtual private network (VPN) connections from remote users to the corporate LAN. |
Resolution
Resolution for SonicOS 7.X
This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.
To configure a service:
1. Navigate to the Object tab
2. Go to Match Objects | Services.
3. Click Add
4. Enter the Name of the Service Object
5. Select the IP Type - You can also use a Custom Type
6. Enter the Port Range or IP protocol Sub Type depending on your IP protocol selection:
   - For TCP and UDP protocols, specify the Port Range. You will not need to specify a Sub Type.
   - For ICMP, IGMP, OSPF and PIMSM protocols, select from the Sub Type pull-down menu for sub types.
   - For the remaining protocols, you will not need to specify a Port Range or Sub Type.
Here's how to create a Service Group:
1. Navigate to the Object tab
2. Go to Objects | Services.
3. Click on the Service Group tab and click Add

This way you can create a group of different Service Objects that can be used to set up your firewall rules.
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
To configure a service:
1. Navigate to the Manage tab
2. Go to Objects | Service Objects.
3. Click Add
4. Enter the Name of the Service Object
5. Select the IP Type - You can also use a Custom Type
6. Enter the Port Range or IP protocol Sub Type depending on your IP protocol selection:
   - For TCP and UDP protocols, specify the Port Range. You will not need to specify a Sub Type.
   - For ICMP, IGMP, OSPF and PIMSM protocols, select from the Sub Type pull-down menu for sub types.
   - For the remaining protocols, you will not need to specify a Port Range or Sub Type.
Here's how to create a Service Group:
1. Navigate to the Manage tab
2. Go to Objects | Service Objects.
3. Click on the Service Group tab and click Add

This way you can create a group of different Service Objects that can be used to set up your firewall rules.
Resolution for SonicOS 6.2 and Below
The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer, we suggest upgrading to the latest general release of SonicOS 6.5 firmware.
1. Navigate to Network | Services.
2. Click Add at the bottom of the page
3. Enter the Name of the Service Object
4. Select the IP Type - You can also use a Custom Type
5. Enter the Port Range or IP protocol Sub Type depending on your IP protocol selection:
   - For TCP and UDP protocols, specify the Port Range. You will not need to specify a Sub Type.
   - For ICMP, IGMP, OSPF and PIMSM protocols, select from the Sub Type pull-down menu for sub types.
   - For the remaining protocols, you will not need to specify a Port Range or Sub Type.
Here's how to create a Service Group:
1. Navigate to Network | Services
2. Click on the Service Group tab and click Add

This way you can create a group of different Service Objects that can be used to set up your firewall rules.
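
The Port Range / Sub Type rules and the Service Group concept are the same in all three procedures above, so planned objects can be checked offline before they are entered in the UI and referenced by rules. The following is an added example, not SonicWall code and not part of the original article: `ServiceObject`, `validate`, `group_coverage`, the 1-65535 port bound, the choice to flag an unneeded field as a problem, and the sample objects are all assumptions made for illustration.

```python
# Added example, not SonicWall code: class and function names are hypothetical.
from dataclasses import dataclass
from typing import Optional, Tuple
# Protocols offered in the drop-down list on this page.
PROTOCOLS = {"ICMP", "IGMP", "TCP", "UDP", "GRE", "ESP", "EIGRP", "OSPF", "PIMSM", "L2TP"}
PORT_BASED = {"TCP", "UDP"}                         # Port Range (assumed 1-65535)
SUBTYPE_BASED = {"ICMP", "IGMP", "OSPF", "PIMSM"}   # Sub Type from the pull-down

@dataclass(frozen=True)
class ServiceObject:
    name: str
    protocol: str
    ports: Optional[Tuple[int, int]] = None   # inclusive (start, end)
    sub_type: Optional[str] = None            # placeholder text; the UI offers a menu

def validate(svc):
    """Return a list of problems; an empty list means the object is well formed."""
    if svc.protocol not in PROTOCOLS:
        return [f"{svc.name}: protocol {svc.protocol!r} is not in the drop-down"]
    errs = []
    needs_ports, needs_sub = svc.protocol in PORT_BASED, svc.protocol in SUBTYPE_BASED
    if needs_ports and not (svc.ports and 1 <= svc.ports[0] <= svc.ports[1] <= 65535):
        errs.append(f"{svc.name}: {svc.protocol} needs a port range in 1-65535")
    if needs_sub and not svc.sub_type:
        errs.append(f"{svc.name}: {svc.protocol} needs a sub type")
    if svc.ports and not needs_ports:
        errs.append(f"{svc.name}: {svc.protocol} takes no port range")
    if svc.sub_type and not needs_sub:
        errs.append(f"{svc.name}: {svc.protocol} takes no sub type")
    return errs

def group_coverage(group):
    """Merge the valid TCP/UDP ranges of a group; return (merged, overlapping pairs)."""
    merged, overlaps = {}, []
    valid = [s for s in group if s.protocol in PORT_BASED and not validate(s)]
    for s in sorted(valid, key=lambda s: (s.protocol, s.ports)):
        spans = merged.setdefault(s.protocol, [])
        if spans and s.ports[0] <= spans[-1][1]:
            overlaps.append((spans[-1][2], s.name))   # owner of the widest span so far
            if s.ports[1] > spans[-1][1]:
                spans[-1] = (spans[-1][0], s.ports[1], s.name)
        else:
            spans.append((s.ports[0], s.ports[1], s.name))
    return {p: [(lo, hi) for lo, hi, _ in v] for p, v in merged.items()}, overlaps

# Constructed sample group (object names and the sub type value are made up).
SAMPLE = [ServiceObject("Web-Alt", "TCP", (8000, 8100)),
          ServiceObject("Proxy", "TCP", (8080, 8080)),
          ServiceObject("Ping", "ICMP", sub_type="placeholder-subtype")]
```

An overlap pair such as `("Web-Alt", "Proxy")` means the narrower object adds nothing to the group, and the merged ranges show exactly which ports a rule referencing the group would cover.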