config firewall service
Use this command to create the service objects that you use in firewall rules.
The following policies use the firewall service objects:
• Firewall policies
• QoS policies
• Connection limit policies
Basic Steps
1. Create service objects.
2. Specify them when you configure your policies.
Before you begin:
• You must have read-write permission for firewall settings.
Syntax
config firewall service
  edit <name>
    set destination-port-min <integer>
    set destination-port-max <integer>
    set protocol <integer>
    set source-port-min <integer>
    set source-port-max <integer>
  next
end
destination-port-min | First port number in the listening port number/range. For example, web servers usually listen on TCP port 80 (HTTP). Valid range: 0 - 65535. |
destination-port-max | Last port number in the listening port number/range. |
protocol | Number in the IPv4 Protocol/IPv6 Next Header field that identifies the protocol, such as 1 (ICMP), 6 (TCP) or 17 (UDP). |
source-port-min | First port number in the originating port number/range. For some protocols, this is a single, predictable number, such as 162 (SNMP). For others, it is dynamically chosen from available ports in the 1024-65535 range. Valid range: 0 - 65535. |
source-port-max | Last port number in the originating port number/range. |
Example
FortiADC-VM # config firewall service
FortiADC-VM (service) # edit fw-http
Add new entry 'fw-http' for node 1862
FortiADC-VM (fw-http) # get
protocol : 1
source-port-min : 0
source-port-max : 65535
destination-port-min: 0
destination-port-max: 65535
FortiADC-VM (fw-http) # set protocol 6
FortiADC-VM (fw-http) # set destination-port-min 80
FortiADC-VM (fw-http) # set destination-port-max 80
FortiADC-VM (fw-http) # get
protocol : 6
source-port-min : 0
source-port-max : 65535
destination-port-min: 80
destination-port-max: 80
FortiADC-VM (fw-http) # end
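The first `get` output above shows that a new entry starts with protocol 1 and both port ranges at 0 - 65535, so an object whose protocol is set to 6 or 17 without narrowing the destination ports matches every port of that protocol. The following Python script is an added example, not FortiADC tooling: it parses configuration text in the syntax shown above (assumed to be how the service objects are written out) and flags such objects, along with inverted or out-of-range port settings. The function names and sample entries are constructed for illustration.

```python
import re

# Defaults as shown by `get` on a newly created entry in the page's example.
DEFAULTS = {"protocol": 1, "source-port-min": 0, "source-port-max": 65535,
            "destination-port-min": 0, "destination-port-max": 65535}
PORT_PROTOCOLS = {6: "TCP", 17: "UDP"}  # protocol numbers named on the page

def parse_services(text):
    """Parse `config firewall service` blocks into {name: settings}."""
    services, current, in_block = {}, None, False
    for line in map(str.strip, text.splitlines()):
        if line == "config firewall service":
            in_block = True
        elif line == "end":
            in_block, current = False, None
        elif line == "next":
            current = None
        elif in_block and (m := re.fullmatch(r"edit\s+(\S+)", line)):
            current = services.setdefault(m.group(1), dict(DEFAULTS))
        elif current is not None and (m := re.fullmatch(r"set\s+(\S+)\s+(\d+)", line)):
            if m.group(1) in DEFAULTS:
                current[m.group(1)] = int(m.group(2))
    return services

def audit(services):
    """Return (name, finding) pairs for invalid or overly broad objects."""
    findings = []
    for name, s in services.items():
        for side in ("source", "destination"):
            lo, hi = s[f"{side}-port-min"], s[f"{side}-port-max"]
            if lo > hi or hi > 65535:  # valid range per the page: 0 - 65535
                findings.append((name, f"{side} port range {lo}-{hi} is invalid"))
        proto = PORT_PROTOCOLS.get(s["protocol"])
        if proto and (s["destination-port-min"], s["destination-port-max"]) == (0, 65535):
            findings.append((name, f"matches every {proto} destination port"))
    return findings

# Constructed sample input in the page's syntax; not taken from a real device.
SAMPLE = "\n".join([
    "config firewall service",
    "edit fw-http", "set protocol 6",
    "set destination-port-min 80", "set destination-port-max 80", "next",
    "edit fw-dns", "set protocol 17", "next",
    "edit fw-range", "set protocol 6",
    "set destination-port-min 8443", "set destination-port-max 8080", "next",
    "end",
])

print(audit(parse_services(SAMPLE)))
```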