When you define security policies for specific applications,
you can select one or more services to limit the port numbers the
applications can use. The default service is
which allows all TCP and UDP ports.
The HTTP and HTTPS services are predefined, but you can add additional service
definitions. Services that are often assigned together can be combined into
service groups to simplify the creation of security policies (refer
> Service Groups).
The following table describes the service settings:
Enter the service name (up to
This name appears in the services list when defining security policies.
The name is case-sensitive and must be unique. Use only letters,
numbers, spaces, hyphens, and underscores.
Enter a description for the service (up
to 255 characters).
Select this option if you want the service
object to be available to:
Every virtual system (vsys)
on a multi-vsys firewall. If you clear this selection, the service
object will be available only to the
Every device group on Panorama. If you clear this selection,
the service object will be available only to the
selected in the
Disable override (
Select this option to prevent administrators
from overriding the settings of this service object in device groups
that inherit the object. This selection is cleared by default, which
means administrators can override the settings for any device group
that inherits the object.
Select the protocol used by the service
(TCP or UDP).
Enter the destination port number (0 to
65535) or range of port numbers (port1-port2) used by the service.
Multiple ports or ranges must be separated by commas. The destination
port is required.
Enter the source port number (0 to 65535)
or range of port numbers (port1-port2) used by the service. Multiple
ports or ranges must be separated by commas. The source port is