Objects > Services

When you define security policies for specific applications, you can select one or more services to limit the port numbers the applications can use. The default service is
any
, which allows all TCP and UDP ports.
The HTTP and HTTPS services are predefined, but you can add additional service definitions. Services that are often assigned together can be combined into service groups to simplify the creation of security policies (refer to Objects > Service Groups).
The following table describes the service settings:
Service Settings
Description
Name
Enter the service name (up to
63
characters). This name appears in the services list when defining security policies. The name is case-sensitive and must be unique. Use only letters, numbers, spaces, hyphens, and underscores.
Description
Enter a description for the service (up to 255 characters).
Shared
Select this option if you want the service object to be available to:
  • Every virtual system (vsys) on a multi-vsys firewall. If you clear this selection, the service object will be available only to the
    Virtual System
    selected in the
    Objects
    tab.
  • Every device group on Panorama. If you clear this selection, the service object will be available only to the
    Device Group
    selected in the
    Objects
    tab.
Disable override (
Panorama only
)
Select this option to prevent administrators from overriding the settings of this service object in device groups that inherit the object. This selection is cleared by default, which means administrators can override the settings for any device group that inherits the object.
Protocol
Select the protocol used by the service (TCP or UDP).
Destination Port
Enter the destination port number (0 to 65535) or range of port numbers (port1-port2) used by the service. Multiple ports or ranges must be separated by commas. The destination port is required.
Source Port
Enter the source port number (0 to 65535) or range of port numbers (port1-port2) used by the service. Multiple ports or ranges must be separated by commas. The source port is optional.

Related Documentation