config firewall service
Use this command to create the service objects that you use in firewall rules.
The following policies use the firewall service objects:
Firewall policies
QoS policies
Connection limit policies
Basic Steps
1. Create service objects.
2. Specify them when you configure your policies.
Before you begin:
You must have read-write permission for firewall settings.
Syntax
config firewall service
edit <name>
set destination-port-min <integer>
set destination-port-max <integer>
set protocol <integer>
set source-port-min <integer>
set source-port-max <integer>
next
end
destination-port-min
First port number in the listening port number/range. For example, web servers usually listen on TCP port 80 (HTTP). Valid range: 0 - 65535.
destination-port-max
Last port number in the listening port number/range.
protocol
Number in the IPv4 Protocol/IPv6 Next Header field that identifies the protocol, such as 1 (ICMP), 6 (TCP) or 17 (UDP).
source-port-min
First port number in the originating port number/range. For some protocols, this is a single, predictable number, such as 162 (SNMP). For others, it is dynamically chosen from available ports in the 1024-65535 range. Valid range: 0 - 65535.
source-port-max
Last port number in the originating port number/range.
Example
FortiADC-VM # config firewall service
 
FortiADC-VM (service) # edit fw-http
Add new entry 'fw-http' for node 1862
FortiADC-VM (fw-http) # get
protocol : 1
source-port-min : 0
source-port-max : 65535
destination-port-min: 0
destination-port-max: 65535
 
FortiADC-VM (fw-http) # set protocol 6
FortiADC-VM (fw-http) # set destination-port-min 80
FortiADC-VM (fw-http) # set destination-port-max 80
 
FortiADC-VM (fw-http) # get
protocol : 6
source-port-min : 0
source-port-max : 65535
destination-port-min: 80
destination-port-max: 80
 
FortiADC-VM (fw-http) # end
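Added example (not part of the FortiADC documentation): because a new entry starts with protocol 1 and all ports open, as the first `get` above shows, a service object that is only partly configured can end up broader or different from what its name suggests. The Python below parses text in the syntax shown on this page and flags such entries; `parse_services`, `audit` and the sample entries are hypothetical names constructed for illustration.

```python
# Defaults as shown by `get` on a newly created entry in the example above.
DEFAULTS = {"protocol": 1, "source-port-min": 0, "source-port-max": 65535,
            "destination-port-min": 0, "destination-port-max": 65535}
# Constructed sample input using the syntax documented on this page.
SAMPLE = """\
config firewall service
edit fw-http
set protocol 6
set destination-port-min 80
set destination-port-max 80
next
edit fw-any-tcp
set protocol 6
next
edit fw-dns
set destination-port-min 5353
set destination-port-max 53
next
end
"""

def parse_services(text):
    """Return {name: settings} for each edit block, with defaults filled in."""
    services, current = {}, None
    for line in text.splitlines():
        tok = line.split()
        if len(tok) == 2 and tok[0] == "edit":
            current = services.setdefault(tok[1], dict(DEFAULTS))
        elif tok and tok[0] in ("next", "end"):
            current = None
        elif len(tok) == 3 and tok[0] == "set" and tok[1] in DEFAULTS and current is not None:
            current[tok[1]] = int(tok[2])
    return services

def audit(services):
    """Return {name: [findings]} for entries that are invalid or wider than intended."""
    findings = {}
    for name, s in services.items():
        issues = findings.setdefault(name, [])
        if s["protocol"] == 1 and s != DEFAULTS:
            issues.append("ports set but protocol is 1 (ICMP), which has no ports")
        for side in ("source", "destination"):
            lo, hi = s[f"{side}-port-min"], s[f"{side}-port-max"]
            if not 0 <= lo <= hi <= 65535:
                issues.append(f"{side} port range invalid")
        wide_open = (s["destination-port-min"], s["destination-port-max"]) == (0, 65535)
        if s["protocol"] in (6, 17) and wide_open:
            issues.append("destination ports left at default 0-65535")
    return {name: issues for name, issues in findings.items() if issues}
```

Calling `audit(parse_services(SAMPLE))` reports `fw-any-tcp` and `fw-dns` and leaves `fw-http` out of the result.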