
58-Services Objects

The document discusses FortiGate firewall services, including:
- Predefined services that allow/deny specific port numbers and protocols
- The ability to create custom services and categorize them
- Grouping services into service groups for easier administration and policy creation
- Configuring service objects involves selecting a protocol type (TCP, UDP, etc.), ports, and IP ranges

Uploaded by

vishaljakahr

Services:

o When defining security policies for specific applications, you can select one or more services.
o The Service Object is used to limit the port numbers the applications can use.
o The default service is any, which allows all TCP and UDP ports from 1 to 65535.
o Many services are predefined, but you can add additional service definitions.
o You can then reference the newly added service when configuring the security policy.
o To simplify the creation of security policies, combine services into service groups.
o In the FortiGate firewall, services can also be bundled into groups for ease of administration.
o Three kinds of service object can be added and configured: Categories, Services, Service Groups.
o To make sorting through the services easier, there is a field to categorize the services.

Category                               Services
Uncategorized                          FINGER, NetMeeting, TIMESTAMP
General                                ALL, ALL_TCP, ALL_UDP, ALL_ICMP, ALL_ICMP6
Web Access                             HTTP, HTTPS
File Access                            FTP, FTP_GET, FTP_PUT, NFS, TFTP, SMB
Email                                  IMAP, IMAPS, POP3, POP3S, SMTP, SMTPS
Network Services                       DNS, DHCP, NTP, OSPF, PING, RIP, SNMP, SYSLOG
Authentication                         LDAP, KERBEROS, LDAP_UDP, RADIUS
Remote Access                          SSH, TELNET, RDP, VNC, PC-Anywhere
Tunneling                              GRE, AH, ESP, IKE, L2TP, PPTP, SOCKS
VoIP, Messaging & Other Applications   SCCP, SIP, RTSP, H323, MYSQL
Web Proxy                              Webproxy

1 | P a g e Created by Ahmad Ali E-Mail: [email protected] ,Mobile: 056 430 3717


Creating Category:
To create a new category, use the downward-pointing arrow next to Create New in the Services
window and choose Category.

All that is required is a name for the new category. A comment describing the new
category is optional.

Creating Service:
Go to Policy & Objects > Services. Select Create New. A drop-down menu is displayed. Select
Service. Enter a name in the Name field for the new service, and include any description you
would like in the Comments field.

Field                  Value
Name                   Test-Service
Comments               Test Services
Color                  Any color for the icon; in this case, Red
Show in Service List   Enable to show the service
Protocol Type          TCP/UDP/SCTP
Address                IP Range
Destination Port       TCP/23
Specify Source Port    Disable
OK                     Saves the change



Protocol Types:
o One of the fundamental aspects of a service is the type of protocol used to define it.
o When a service is defined, one of the following protocol categories must be chosen.
o Depending on which protocol category is chosen, a different set of specifications will be defined.
o The Protocol Type options are TCP/UDP/SCTP, ICMP, ICMP6 and Internet Protocol (IP).

TCP/UDP/SCTP:
o TCP/UDP/SCTP is the most widely used service protocol category.
o Once this has been selected, the address can be given as either IP or FQDN.
o The other available options are the protocol and the port number.
o Within the TCP/UDP/SCTP category, the protocol will be TCP, UDP or SCTP.

ICMP or ICMP6:
o When ICMP or ICMP6 is chosen, the available options are the ICMP Type and its Code.

IP:
o When IP is the chosen protocol type, the additional option is the Protocol Number.
o IP is responsible for more than the address that it is most commonly associated with.
o There are a number of associated protocols that make up the Network Layer, Layer 3.
o While there are not 256 of them, the field that identifies them is a numeric value between 0 and 256.

Creating Service Group:
Go to Policy & Objects > Services. Select Create New. A drop-down menu is displayed. Select
Service Group. Input a Group Name to describe the services being grouped. Input any
additional information in the Comments field.
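
An added example, not part of the original document: a Python script that reads service objects in FortiOS CLI form and reports custom services whose port ranges are broad, together with the service groups that contain them. The sample configuration, the object names App-Wide and Test-Group, and the 100-port threshold are constructed for illustration.

```python
import re

# Constructed sample in FortiOS CLI syntax (assumption; not taken from the page).
SAMPLE = '''
config firewall service custom
    edit "Test-Service"
        set tcp-portrange 23
    next
    edit "App-Wide"
        set tcp-portrange 1024-65535
        set udp-portrange 53 123
    next
end
config firewall service group
    edit "Test-Group"
        set member "Test-Service" "App-Wide"
    next
end
'''

def parse_objects(text):
    """Return {config section: {object name: {setting: [values]}}}."""
    objs, section, name = {}, None, None
    for line in text.splitlines():
        words = [w.strip('"') for w in re.findall(r'"[^"]*"|\S+', line)]
        if words[:1] == ["config"]:
            section, name = objs.setdefault(" ".join(words[1:]), {}), None
        elif words[:1] == ["edit"] and section is not None:
            name = section.setdefault(words[1], {})
        elif words[:1] == ["set"] and name is not None:
            name[words[1]] = words[2:]
    return objs

def port_count(tokens):
    """Destination ports covered by tokens such as 23, 1024-65535 or 80:1024-65535."""
    spans = [t.split(":")[0].partition("-") for t in tokens]  # drop ":source" part
    return sum(int(hi or lo) - int(lo) + 1 for lo, _, hi in spans)

def audit(text, max_ports=100):
    """Flag services with more than max_ports TCP+UDP ports, and groups holding them."""
    objs, findings = parse_objects(text), {}
    for name, cfg in objs.get("firewall service custom", {}).items():
        n = port_count(cfg.get("tcp-portrange", []) + cfg.get("udp-portrange", []))
        if n > max_ports:
            findings[name] = f"{n} destination ports"
    for name, cfg in objs.get("firewall service group", {}).items():
        wide = [m for m in cfg.get("member", []) if m in findings]
        if wide:
            findings[name] = "contains " + ", ".join(wide)
    return findings
```

Test-Service (TCP/23, as configured above) covers a single port and is not reported; App-Wide and the group that includes it are.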

Verification:
