Configuring firewall service groups
Service groups are an easy way to manage multiple services, especially if the same services are used on different networks.
The two service groups used here are intended for normal office traffic to the Internet, and for restricted traffic between departments. In both cases, network traffic is limited to the listed services to guard against potential security risks and bandwidth-robbing applications.
These service groups can be changed as needed to either include additional valid services that are being used on the network, or to exclude services that are not required. Also, custom services can be created as needed for applications that are not listed.
To configure two firewall service groups - web-based manager
1. Open the Accounting VDOM.
2. Go to Firewall Objects > Service > Group.
3. Select Create New, enter the following information, and select OK.
   Group Name: OfficeServices
   Members: HTTP, HTTPS, SSL, FTP, DNS, NTP, POP3, PING, SMTP
4. Select Create New, enter the following information, and select OK.
   Group Name: AccountingSalesServices
   Members: HTTPS, POP3, PING, SMTP
To configure two firewall service groups - CLI
config vdom
  edit Accounting
    config firewall service group
      edit OfficeServices
        set member HTTP HTTPS SSL FTP DNS NTP POP3 PING SMTP
      next
      edit AccountingSalesServices
        set member HTTPS POP3 PING SMTP
    end
end
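Because these groups are expected to change over time, it helps to check a saved configuration against the approved member lists. The following is an added example, not part of the original documentation: a Python check that parses CLI text in the form shown above and reports members that differ from the two lists on this page. The names BASELINE, SAMPLE, parse_service_groups and audit are hypothetical, and the sample input containing TELNET is constructed.

```python
import shlex

# Approved members, copied from the two groups this page defines.
BASELINE = {
    "OfficeServices": {"HTTP", "HTTPS", "SSL", "FTP", "DNS", "NTP", "POP3", "PING", "SMTP"},
    "AccountingSalesServices": {"HTTPS", "POP3", "PING", "SMTP"},
}

# Constructed sample (not from the page): TELNET added to the restricted group.
SAMPLE = (
    "config vdom\nedit Accounting\nconfig firewall service group\n"
    "edit OfficeServices\nset member HTTP HTTPS SSL FTP DNS NTP POP3 PING SMTP\nnext\n"
    'edit "AccountingSalesServices"\nset member HTTPS POP3 PING SMTP TELNET\nnext\nend\nend'
)

def parse_service_groups(text):
    """Return {vdom: {group: set(members)}} from CLI-style config text."""
    groups, stack, vdom, group = {}, [], None, None
    # shlex.split strips quotes around names; blank lines yield [] and are skipped.
    for tokens in filter(None, map(shlex.split, text.splitlines())):
        cmd, args = tokens[0], tokens[1:]
        if cmd == "config":
            stack.append(" ".join(args))      # track which table we are inside
        elif cmd in ("end", "next"):
            group = None                      # both commands close the current entry
            if cmd == "end" and stack:
                stack.pop()
        elif cmd == "edit" and args and stack and stack[-1] == "vdom":
            vdom = args[0]
        elif cmd == "edit" and args and stack and stack[-1] == "firewall service group":
            group = args[0]
            groups.setdefault(vdom, {})[group] = set()
        elif cmd == "set" and group and args[:1] == ["member"]:
            groups[vdom][group] = set(args[1:])
    return groups

def audit(text, baseline=BASELINE):
    """List (vdom, group, problem, service) for every deviation from the baseline."""
    findings = []
    for vdom, grps in parse_service_groups(text).items():
        for name, members in grps.items():
            allowed = baseline.get(name, set())   # unknown group: every member is extra
            findings += [(vdom, name, "extra", s) for s in sorted(members - allowed)]
            findings += [(vdom, name, "missing", s) for s in sorted(allowed - members)]
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The parser assumes snippet-style text like the CLI listing above; a full configuration backup with multi-line quoted values would need extra handling before `shlex.split`.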