
Providing access to custom services, Grouping services – Fortinet FortiGate 100 User Manual

Page 156


Fortinet Inc.

Firewall configuration

Providing access to custom services

Add a custom service if you need to create a policy for a service that is not in the
predefined service list.

1. Go to Firewall > Service > Custom.
2. Select New.
3. Enter a Name for the service. This name appears in the service list used when you add a policy. The name can contain numbers (0-9), uppercase and lowercase letters (A-Z, a-z), and the special characters - and _. Other special characters and spaces are not allowed.
4. Select the Protocol (either TCP or UDP) used by the service.
5. Specify a Source and Destination Port number range for the service by entering the low and high port numbers. If the service uses one port number, enter this number in both the low and high fields.
6. If the service has more than one port range, select Add to specify additional protocols and port ranges. If you mistakenly add too many port range rows, select Delete to remove each extra row.
7. Select OK to add the custom service.

You can now add this custom service to a policy.
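
An added example (not from the Fortinet manual): a Python pre-check for a proposed custom service that applies the name and port-range rules from steps 3 to 6 and flags destination ranges that overlap the predefined services in the Table 5 rows on this page. The function name `check_custom_service` and the sample input are assumptions made for illustration.

```python
import re

# Rows copied from the Table 5 excerpt on this page: name -> (protocol, low, high)
PREDEFINED = {
    "TELNET": ("tcp", 23, 23),
    "TFTP": ("udp", 69, 69),
    "UUCP": ("udp", 540, 540),
    "VDOLIVE": ("tcp", 7000, 7010),
    "WAIS": ("tcp", 210, 210),
    "WINFRAME": ("tcp", 1494, 1494),
    "X-WINDOWS": ("tcp", 6000, 6063),
}
NAME_RE = re.compile(r"[0-9A-Za-z_-]+")  # step 3: digits, letters, '-' and '_' only


def check_custom_service(name, rows):
    """Return a list of findings for a proposed custom service.

    rows: list of (protocol, low, high) destination port ranges (steps 4 to 6).
    """
    findings = []
    if not NAME_RE.fullmatch(name):
        findings.append(f"name {name!r}: only 0-9, A-Z, a-z, '-' and '_' are allowed")
    for proto, low, high in rows:
        proto = proto.lower()
        if proto not in ("tcp", "udp"):
            findings.append(f"{proto}: protocol must be TCP or UDP")
            continue
        if not (0 <= low <= high <= 65535):
            findings.append(f"{proto}/{low}-{high}: invalid port range")
            continue
        if (low, high) == (0, 65535):
            findings.append(f"{proto}/0-65535: same as predefined {proto.upper()} (all ports)")
        # A wide range can silently include a predefined service's ports.
        for svc, (p, lo, hi) in PREDEFINED.items():
            if p == proto and low <= hi and lo <= high:
                findings.append(f"{proto}/{low}-{high}: overlaps predefined {svc} ({lo}-{hi})")
    return findings


if __name__ == "__main__":
    # Constructed sample input, not taken from the manual.
    for f in check_custom_service("legacy app", [("tcp", 20, 25), ("udp", 69, 69)]):
        print(f)
```

An overlap finding means a policy using the custom service would also pass traffic for that predefined service, for example Telnet or TFTP.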

Grouping services

To make it easier to add policies, you can create groups of services and then add one
policy to provide or block access for all the services in the group. A service group can
contain predefined services and custom services in any combination. You cannot add
service groups to another service group.

1. Go to Firewall > Service > Group.

Table 5: FortiGate predefined services (Continued)

| Service name | Description | Protocol | Port |
|---|---|---|---|
| TCP | All TCP ports. | tcp | 0-65535 |
| TELNET | Telnet service for connecting to a remote computer to run commands. | tcp | 23 |
| TFTP | Trivial file transfer protocol, a simple file transfer protocol similar to FTP but with no security features. | udp | 69 |
| UDP | All UDP ports. | udp | 0-65535 |
| UUCP | Unix to Unix copy utility, a simple file copying protocol. | udp | 540 |
| VDOLIVE | For VDO Live streaming multimedia traffic. | tcp | 7000-7010 |
| WAIS | Wide Area Information Server. An Internet search protocol. | tcp | 210 |
| WINFRAME | For WinFrame communications between computers running Windows NT. | tcp | 1494 |
| X-WINDOWS | For remote communications between an X-Window server and X-Window clients. | tcp | 6000-6063 |