Policy Object: Services
Specify the source and destination ports and protocol that a service can use.
Where Can I Use This?
- NGFW (Cloud Managed)
- NGFW (PAN-OS & Panorama Managed)
- Prisma Access (Managed by Strata Cloud Manager)
- Prisma Access (Managed by Panorama)

What Do I Need?
- Check for any license or role requirements for the products you're using.
When you define Security rules for specific applications, you can select one
or more services to limit the port numbers the applications can use. The default service
is any, which allows all TCP and UDP ports. The HTTP and HTTPS services are predefined,
but you can add more service definitions. Services that are often assigned
together can be combined into Service Groups to simplify the creation of Security rules.
A service object allows you to specify the source and destination ports and protocols that a
service can use. You can also create a custom service on any TCP/UDP port of your choice
to restrict application usage to specific ports on your network. Additionally, you can
use service objects to specify service-based session timeouts. This means that you can
apply different timeouts to different user groups even when those groups are using the
same TCP or UDP service. If you're migrating from a port-based Security policy with
custom applications to an application-based Security policy, you can also easily maintain
your custom application timeouts.
After you have created your service objects, you can group services that require the
same policy enforcement into a Service Group.
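
The following is an added example, not vendor code and not a PAN-OS or Strata Cloud Manager API: a simplified Python model of service objects and Service Groups that shows how they narrow the ports a rule accepts compared with the default service any. The field names, the comma/range port syntax, and all object and rule names are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Service:
    """Simplified model of a service object (field names are assumptions)."""
    protocol: str            # "tcp" or "udp"
    dest_ports: str          # e.g. "8443" or "9000-9002,9443"
    source_ports: str = ""   # empty means any source port

def parse_ports(spec):
    """Expand "80,8000-8002" into a set of ints; an empty spec means all ports."""
    if not spec:
        return set(range(65536))
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 0 <= lo <= hi <= 65535:
            raise ValueError(f"bad port range: {part!r}")
        ports.update(range(lo, hi + 1))
    return ports

def expand(name, services, groups):
    """Resolve a service name or Service Group name to Service objects."""
    return [services[m] for m in groups.get(name, [name])]

def rule_allows(rule_services, services, groups, protocol, sport, dport):
    """True if a flow's protocol and ports fit any service on the rule."""
    if "any" in rule_services:          # default service: all TCP and UDP ports
        return protocol in ("tcp", "udp")
    for name in rule_services:
        for svc in expand(name, services, groups):
            if (svc.protocol == protocol and dport in parse_ports(svc.dest_ports)
                    and sport in parse_ports(svc.source_ports)):
                return True
    return False

def audit(rules):
    """Return the names of rules that still use the default service 'any'."""
    return sorted(n for n, svcs in rules.items() if "any" in svcs)

# Constructed sample objects and rules (hypothetical names)
SERVICES = {"svc-admin-8443": Service("tcp", "8443"),
            "svc-metrics": Service("tcp", "9000-9002,9443"),
            "svc-syslog": Service("udp", "514")}
GROUPS = {"grp-ops": ["svc-admin-8443", "svc-metrics"]}
RULES = {"allow-ops": ["grp-ops", "svc-syslog"], "allow-legacy": ["any"]}
```

Running `audit(RULES)` over an inventory like this lists the rules that are candidates for replacing any with a specific service or Service Group.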