When you define security policies for specific applications, you can select one or more services to limit the port numbers the applications can use. The default service is any, which allows all TCP and UDP ports. The HTTP and HTTPS services are predefined, but you can add additional service definitions. Services that are often assigned together can be combined into service groups to simplify the creation of security policies (refer to Objects > Service Groups).

The following table describes the service settings:
Service Settings: Description

Name: Enter the service name (up to 63 characters). This name appears in the services list when defining security policies. The name is case-sensitive and must be unique. Use only letters, numbers, spaces, hyphens, and underscores.

Description: Enter a description for the service (up to 255 characters).

Shared: Select this option if you want the service object to be available to:
- Every virtual system (vsys) on a multi-vsys firewall. If you clear this selection, the service object will be available only to the Virtual System selected in the Objects tab.
- Every device group on Panorama. If you clear this selection, the service object will be available only to the Device Group selected in the Objects tab.

Disable override (Panorama only): Select this option to prevent administrators from overriding the settings of this service object in device groups that inherit the object. This selection is cleared by default, which means administrators can override the settings for any device group that inherits the object.

Protocol: Select the protocol used by the service (TCP or UDP).

Destination Port: Enter the destination port number (0 to 65535) or range of port numbers (port1-port2) used by the service. Multiple ports or ranges must be separated by commas. The destination port is required.

Source Port: Enter the source port number (0 to 65535) or range of port numbers (port1-port2) used by the service. Multiple ports or ranges must be separated by commas. The source port is optional.
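
The following check of a service definition against the settings listed above is an added example, not code from the product or its documentation. It parses the port1-port2 list format and reports how many ports a service opens, which helps when reviewing whether a service is narrower than the default any. The dictionary field names, the ASCII-only reading of "letters", and the handling of blanks and reversed ranges are assumptions.

```python
import re

# Rules are taken from the settings table above; the function and field
# names are hypothetical and are not part of any PAN-OS API.
NAME_RE = re.compile(r"[A-Za-z0-9 _-]{1,63}")  # assumption: ASCII letters only

def parse_ports(spec):
    """Parse '80,8000-8080' into a list of inclusive (low, high) tuples."""
    ranges = []
    for item in spec.split(","):
        item = item.strip()  # assumption: blanks around commas are tolerated
        m = re.fullmatch(r"([0-9]{1,5})(?:-([0-9]{1,5}))?", item)
        if not m:
            raise ValueError(f"not a port or port1-port2 range: {item!r}")
        low = int(m.group(1))
        high = int(m.group(2)) if m.group(2) else low
        if high > 65535:
            raise ValueError(f"port above 65535: {item!r}")
        if low > high:  # assumption: a reversed range is treated as an error
            raise ValueError(f"range start exceeds end: {item!r}")
        ranges.append((low, high))
    return ranges

def port_count(ranges):
    """Number of distinct ports covered, counting overlaps once."""
    return len({p for low, high in ranges for p in range(low, high + 1)})

def validate_service(svc):
    """Return a list of problems found in a service definition dict."""
    errors = []
    if not NAME_RE.fullmatch(svc.get("name", "")):
        errors.append("name: 1-63 letters, numbers, spaces, hyphens, underscores")
    if len(svc.get("description", "")) > 255:
        errors.append("description: longer than 255 characters")
    if svc.get("protocol") not in ("TCP", "UDP"):
        errors.append("protocol: must be TCP or UDP")
    if not svc.get("destination_port"):
        errors.append("destination_port: required")
    for field in ("destination_port", "source_port"):
        if svc.get(field):  # the source port is optional
            try:
                parse_ports(svc[field])
            except ValueError as exc:
                errors.append(f"{field}: {exc}")
    return errors

# Constructed sample definition.
SAMPLE = {"name": "web-alt", "protocol": "TCP", "destination_port": "80,8000-8080"}
```

validate_service(SAMPLE) returns an empty list, and port_count(parse_ports(SAMPLE["destination_port"])) gives the number of destination ports the service permits.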