Services
Services are used to match traffic based on protocol information, protocol/port combinations, or ICMP type and code information. There is a set of system-defined Services that cover common types of network traffic. You can also create custom Services to identify traffic that does not match a system-defined service, for example, traffic that uses non-standard ports.
Service Groups are collections of services that fulfill a specific function (for example, the Services that allow GRE or IPsec connections).
Services and Service Groups are used in Network rules and Threat Categories within a policy, to apply rules to specific types of network traffic.
Services consist of a Name, Description, and a set of configuration options that vary depending on the type of service. The following table shows the options that are available for different types of service.
Service type | Option | Description |
---|---|---|
Service Group | Services | The Services (system-defined or user-defined) that comprise this group of services. |
ICMP/ICMPv6 | Type | The ICMP type number for the control message, defined in RFC 792 and RFC 4443. |
ICMP/ICMPv6 | Code | The ICMP code field for the control message. |
IP Protocol | Protocol number | The IP protocol number, from the Protocol field of an IPv4 header, or the Next Header field of an IPv6 header. |
IP Protocol | Protocol agent | The protocol agent assigned to this service. Click to select a protocol agent. |
TCP/UDP | Min/max source port | Specifies the source port or port range. To match a single port, enter it in the first field and leave the other field empty. To enter a range, enter a value in both fields. (Either source or destination port is mandatory.) |
TCP/UDP | Min/max destination port | Specifies the destination port or port range. To match a single port, enter it in the first field and leave the other field empty. To enter a range, enter a value in both fields. (Either source or destination port is mandatory.) |
TCP/UDP | Protocol agent | The protocol agent assigned to this service. Click to select a protocol agent. |
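The matching rules in the table above can be modelled in a few lines. This is an added illustration, not product code or a product API: the class names, the packet dictionary keys, the sample services, and the two behaviours marked as assumptions in the comments are all hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class PortRange:
    lo: int                     # first field: single port or range minimum
    hi: Optional[int] = None    # second field: left empty for a single port

    def __post_init__(self):
        if not 0 <= self.lo <= self.upper <= 65535:
            raise ValueError(f"invalid port range {self.lo}-{self.hi}")

    @property
    def upper(self) -> int:
        return self.lo if self.hi is None else self.hi

    def contains(self, port: int) -> bool:
        return self.lo <= port <= self.upper

@dataclass(frozen=True)
class Service:
    name: str
    kind: str                           # "tcp", "udp", "icmp", "icmpv6" or "ip"
    src: Optional[PortRange] = None
    dst: Optional[PortRange] = None
    icmp_type: Optional[int] = None
    icmp_code: Optional[int] = None     # assumption: empty code matches any code
    protocol: Optional[int] = None      # IP protocol / IPv6 Next Header number

    def __post_init__(self):
        if self.kind in ("tcp", "udp") and self.src is None and self.dst is None:
            raise ValueError("either source or destination port is mandatory")

    def matches(self, pkt: dict) -> bool:
        if self.kind in ("tcp", "udp"):
            return (pkt.get("l4") == self.kind
                    and (self.src is None or self.src.contains(pkt["sport"]))
                    and (self.dst is None or self.dst.contains(pkt["dport"])))
        if self.kind in ("icmp", "icmpv6"):
            return (pkt.get("l4") == self.kind and pkt["type"] == self.icmp_type
                    and (self.icmp_code is None or pkt["code"] == self.icmp_code))
        return self.protocol is not None and pkt.get("proto") == self.protocol

def group_matches(services, pkt: dict) -> bool:
    # Assumption: a Service Group matches when any member Service matches.
    return any(s.matches(pkt) for s in services)

# Constructed sample definitions (not taken from the product).
SSH_ALT = Service("ssh-alt", "tcp", dst=PortRange(2222))   # non-standard port
TUNNELS = [Service("gre", "ip", protocol=47), Service("esp", "ip", protocol=50)]
```

A custom service that leaves the source port empty, as `SSH_ALT` does, matches any source port, which is the usual choice for client traffic from ephemeral ports.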
Protocol Agents
For IP Protocol, TCP, and UDP services, you can select a Protocol Agent. Protocol Agents are modules that perform advanced protocol inspection for the network services that are supported by Dynamic Edge Protection. When defining a custom service, select a Protocol Agent that is the closest match to the type of network traffic that matches the service.
Some types of Protocol Agent are associated with a set of features that are either enabled or disabled for network services associated with the protocol. Click the Protocol Agent assigned to your custom service to view these settings. These settings cannot be edited.