Services:
o When defining security policies for specific applications, you can select one or more services.
o A service object is used to limit the port numbers that the applications can use.
o The default service is any, which allows all TCP and UDP ports from 1 to 65535.
o Many services are predefined, but you can add additional service definitions.
o You can then reference the newly added service when configuring the security policy.
o To simplify the creation of security policies, combine services into service groups.
o In the FortiGate firewall, services can also be bundled into groups for ease of administration.
o Three kinds of service objects can be added and configured: Categories, Services, Service Groups.
o To make sorting through the services easier, there is a field to categorize the services.
Category                               Services
Uncategorized                          FINGER, NetMeeting, TIMESTAMP
General                                All, ALL_TCP, All_UDP, All_ICMP, All-ICMP6
Web Access                             HTTP, HTTPS
File Access                            FTP, FTP_GET, FTP_PUT, NFS, TFTP, SMB
Email                                  IMAP, IMAPS, POP3, POP3S, SMTP, SMTPS
Network Services                       DNS, DHCP, NTP, OSPF, PING, RIP, SNMP, SYSLOG
Authentication                         LDAP, KERBEROS, LDAP_UDP, RADIUS
Remote Access                          SSH, TELNET, RDP, VNC, PC-Anywhere
Tunneling                              GRE, AH, ESP, IKE, L2TP, PPTP, SOCKS
VoIP, Messaging & Other Applications   SCCP, SIP, RTSP, H323, MYSQL
Web Proxy                              Webproxy
1 | P a g e Created by Ahmad Ali E-Mail: [email protected] ,Mobile: 056 430 3717
Creating Category:
To create a new category, use the downward-pointing arrow next to Create New in the Services
window and choose Category.
All that is required is a name for the new category. A comment describing the new
category is optional.
Creating Service:
Go to Policy & Objects > Services. Select Create New. A drop-down menu is displayed. Select
Service. Enter a name in the Name field for the new service, and include any description you would
like in the Comments field.
Field                  Value
Name                   Test-Service
Comments               Test Services
Color                  Give any color to the icon; in this case, Red
Show in Service List   Enable to show the service
Protocol Type          TCP/UDP/SCTP
Address                IP Range
Destination Port       TCP/23
Specify Source Port    Disable
OK                     To save the change
Protocol Types:
o One of the fundamental aspects of a service is the type of protocol that is used to define it.
o When a service is defined, one of the following categories of protocol needs to be determined.
o Depending on which protocol category is chosen, another set of specifications will be defined.
o The Protocol Type options are TCP/UDP/SCTP, ICMP, ICMP6 and Internet Protocol (IP).
TCP/UDP/SCTP:
o TCP/UDP/SCTP is the most widely used service protocol category.
o Once this has been selected, the other available option to choose is either IP or FQDN.
o Once this has been selected, the other available options are the protocol and port number.
o In the TCP/UDP/SCTP category, the protocol will be TCP, UDP or SCTP.
ICMP or ICMP6:
o When ICMP or ICMP6 is chosen, the available options are the ICMP type and its code.
IP:
o When IP is the chosen protocol type, the additional option is the Protocol Number.
o IP is responsible for more than the address that it is most commonly associated with.
o There are a number of associated protocols that make up the Network Layer, Layer 3.
o Although there are not 256 of them, the field that identifies them is a numeric value between 0 and 256.
Creating Service Group:
Go to Policy & Objects > Services. Select Create New. A drop-down menu is displayed. Select
Service Group. Input a Group Name to describe the services being grouped. Input any
additional information in the Comments field.
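The category, service and service group steps above can also be done from the FortiOS CLI. The following is an added example, not part of the original notes; the names Test-Category, Test-ICMP-Echo, Test-IP-GRE and Test-Group are assumptions chosen for illustration, while Test-Service and TCP/23 come from the table above. It defines one service for each protocol type described earlier.

```fortios
# Category used to sort the new services (name is an assumed example)
config firewall service category
    edit "Test-Category"
        set comment "Services created for testing"
    next
end

config firewall service custom
    # TCP/UDP/SCTP type: destination port TCP/23, as in the GUI example
    edit "Test-Service"
        set category "Test-Category"
        set comment "Test Services"
        set protocol TCP/UDP/SCTP
        set tcp-portrange 23
        set visibility enable
    next
    # ICMP type: defined by ICMP type (8 = echo request), not by port
    edit "Test-ICMP-Echo"
        set category "Test-Category"
        set protocol ICMP
        set icmptype 8
    next
    # IP type: defined by protocol number (47 = GRE)
    edit "Test-IP-GRE"
        set category "Test-Category"
        set protocol IP
        set protocol-number 47
    next
end

# Bundle the services so a policy can reference one object
config firewall service group
    edit "Test-Group"
        set member "Test-Service" "Test-ICMP-Echo" "Test-IP-GRE"
        set comment "Grouped test services"
    next
end

# Display the resulting objects
show firewall service custom Test-Service
show firewall service group Test-Group
```

A security policy that references Test-Group instead of the default service permits only these three definitions rather than every port.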
Verification: