When you define security policies for specific applications, you can select one or more services to limit the port numbers the applications can use. The default service is any, which allows all TCP and UDP ports.
The HTTP and HTTPS services are predefined, but you can add additional service definitions. Services that are often assigned together can be combined into service groups to simplify the creation of security policies (refer to Objects > Service Groups).
The following table describes the service settings.
Service Setting Description
Name Enter the service name (up to 63 characters). This name appears in the services list when defining security policies. The name is case-sensitive and must be unique. Use only letters, numbers, spaces, hyphens, and underscores.
Description Enter a description for the service (up to 255 characters).
Shared Select this option if you want the service object to be available to: Every virtual system (vsys) on a multi-vsys firewall. If you clear this selection, the service object will be available only to the Virtual System selected in the Objects tab. Every device group on Panorama. If you clear this selection, the service object will be available only to the Device Group selected in the Objects tab.
Disable override ( Panorama only ) Select this option if you want to prevent administrators from creating local copies of the service object in descendant device groups by overriding its inherited values. This selection is cleared by default, which means overriding is enabled.
Protocol Select the protocol used by the service (TCP or UDP).
Destination Port Enter the destination port number (0 to 65535) or range of port numbers (port1-port2) used by the service. Multiple ports or ranges must be separated by commas. The destination port is required.
Source Port Enter the source port number (0 to 65535) or range of port numbers (port1-port2) used by the service. Multiple ports or ranges must be separated by commas. The source port is optional.

Related Documentation