
Example: TCP/UDP/SCTP service

This example shows how to create and configure a service object of the TCP/UDP/SCTP protocol type.

You have set up some new web cams at work that send a constant live feed to a security service. Not only do these cameras send their feed offsite, they can also be managed remotely from a browser or from the vendor's application.

The ports that need to be opened to use all of the features of the web cams are:

  • Management by browser - TCP on port 8000
  • Real time video feed - UDP on port 4000
  • Connection through vendor application - SCTP on port 1600

The IP address of the offsite service is 256.25.56.12 (Not a valid IP address. Used for example only)

  • One service will be needed for the incoming connections
  • One service will be needed for the outgoing connections

The IT manager would like the service for the outgoing data stream to be tied to the destination of the Surveillance service site so that service can only be used for that one vendor.

To add the incoming service
  1. Go to Policy & Objects > Objects > Services and select Create New > Service.
  2. Fill out the fields with the following information
     Name                   WebCam_Connection-incoming
     Comments               <Input into this field is optional>
     Service Type           Firewall
     Show in Service List   Check the check box
     Category               Surveillance
     Protocol Type          TCP/UDP/SCTP
     IP/FQDN                <Leave blank>

                    Destination Port        Source Port
     Protocol       Low       High          Low     High
     TCP            8000      8000          1       65535
     SCTP           16000     16000         1       65535

The source port range can be left blank, as the default is 1 to 65535.
  3. Select OK.
  4. Alternatively, enter the following CLI commands:

config firewall service custom
    edit WebCam_Connection-incoming
        set protocol TCP/UDP/SCTP
        set tcp-portrange 8000
        set sctp-portrange 16000
        set visibility enable
    next
end

To add the outgoing service
  1. Go to Policy & Objects > Objects > Services and select Create New > Service.
  2. Fill out the fields with the following information
     Name                   WebCam_Connection-outgoing
     Comments               <Input into this field is optional>
     Service Type           Firewall
     Color                  <Changing this value is optional>
     Show in Service List   Check the check box
     Category               Surveillance
     Protocol Type          TCP/UDP/SCTP
     IP/FQDN                256.25.56.12

                    Destination Port        Source Port
     Protocol       Low       High          Low     High
     TCP            4000      4000          1       65535
  3. Select OK.
  4. Alternatively, enter the following CLI commands:

config firewall service custom
    edit WebCam_Connection-outgoing
        set protocol TCP/UDP/SCTP
        set category Surveillance
        set udp-portrange 4000
        set iprange 256.25.56.12
        set visibility enable
    next
end
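The two procedures above each define one custom service by hand. The following script is an added example and is not FortiOS code or part of this help page: it holds both service definitions in a small data structure, checks them the way an administrator would before pasting config into a firewall (every port inside 1 to 65535, low not above high, at least one protocol defined, and any iprange made of valid IPv4 addresses), and renders the same "config firewall service custom" block the page uses. The CustomService class, validate() and render_cli() are names chosen here, not FortiOS names; the rendered text follows the quoted, indented form in which FortiOS prints its own configuration. Note that the page's own placeholder 256.25.56.12 fails the address check, which is exactly what the validator is for.

```python
"""Check FortiOS custom service definitions and render them as CLI text.

Added example, not FortiOS code. The two services mirror the ones on this
page; 256.25.56.12 is the page's deliberately invalid placeholder address.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

PortRange = Tuple[int, int]  # (low, high), both inclusive


@dataclass
class CustomService:
    name: str
    category: str
    tcp: List[PortRange] = field(default_factory=list)
    udp: List[PortRange] = field(default_factory=list)
    sctp: List[PortRange] = field(default_factory=list)
    iprange: Optional[str] = None  # single address or "a.b.c.d-e.f.g.h"


def _check_ranges(proto: str, ranges: List[PortRange], problems: List[str]) -> None:
    """Append a problem for every port range that is not a legal TCP/UDP/SCTP range."""
    for low, high in ranges:
        if not (1 <= low <= 65535 and 1 <= high <= 65535):
            problems.append(f"{proto}: port range {low}-{high} outside 1-65535")
        elif low > high:
            problems.append(f"{proto}: low port {low} exceeds high port {high}")


def validate(svc: CustomService) -> List[str]:
    """Return a list of problems; an empty list means the definition is sane."""
    problems: List[str] = []
    if not svc.name:
        problems.append("service name is empty")
    if not (svc.tcp or svc.udp or svc.sctp):
        problems.append("no ports defined for TCP, UDP or SCTP")
    _check_ranges("TCP", svc.tcp, problems)
    _check_ranges("UDP", svc.udp, problems)
    _check_ranges("SCTP", svc.sctp, problems)
    if svc.iprange is not None:
        # Accept "x.x.x.x" or "x.x.x.x-y.y.y.y"; each half must be a real IPv4 address.
        for part in svc.iprange.split("-", 1):
            try:
                ipaddress.IPv4Address(part.strip())
            except ValueError:
                problems.append(f"iprange: '{part}' is not a valid IPv4 address")
    return problems


def _fmt(ranges: List[PortRange]) -> str:
    """Render ranges the way the CLI expects: '8000' for one port, '8000-8010' for a span."""
    return " ".join(str(lo) if lo == hi else f"{lo}-{hi}" for lo, hi in ranges)


def render_cli(svc: CustomService) -> str:
    """Render one service as a 'config firewall service custom' block."""
    lines = [
        "config firewall service custom",
        f'    edit "{svc.name}"',
        f'        set category "{svc.category}"',
        "        set protocol TCP/UDP/SCTP",
    ]
    if svc.tcp:
        lines.append(f"        set tcp-portrange {_fmt(svc.tcp)}")
    if svc.udp:
        lines.append(f"        set udp-portrange {_fmt(svc.udp)}")
    if svc.sctp:
        lines.append(f"        set sctp-portrange {_fmt(svc.sctp)}")
    if svc.iprange:
        lines.append(f"        set iprange {svc.iprange}")
    lines += ["        set visibility enable", "    next", "end"]
    return "\n".join(lines)


# The two services from this page (constructed to match the GUI tables above).
INCOMING = CustomService("WebCam_Connection-incoming", "Surveillance",
                         tcp=[(8000, 8000)], sctp=[(16000, 16000)])
OUTGOING = CustomService("WebCam_Connection-outgoing", "Surveillance",
                         udp=[(4000, 4000)], iprange="256.25.56.12")

if __name__ == "__main__":
    for svc in (INCOMING, OUTGOING):
        print(render_cli(svc))
        for problem in validate(svc):
            print("  !", problem)
```

Run as a script it prints both CLI blocks and one complaint for the outgoing service's placeholder address; replace that address with the vendor's real one and validate() returns an empty list. Keeping the iprange on the outgoing service is what ties it to the single surveillance destination, as the IT manager asked.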

To verify that the services were added correctly:
  1. Go to Policy & Objects > Objects > Services. Check that the services have been added to the service list and that they are correct.
  2. Enter the following CLI command:

config firewall service custom
    edit <the name of the service that you wish to verify>
        show full-configuration

This should bring up all of the details of the service.