Services

Creating a new Service Category

1. Go to Policy & Objects > Services.

2. Select Create New. A drop down menu is displayed. Select Category.

3. Input a Name for the category.

4. Input any additional information in the Comments field.

5. Press OK.

 

Example of a New Category in the GUI

Field       Value
Name        Obscure Services
Comments    Listing of obscure services being tested by the Development Team.

 

Example of a New Category in the CLI

config firewall service category
    edit "Obscure Services"
        set comment "Listing of obscure services being tested by the Development Team."
    next
end

 

Configuring a new service

Occasionally, the preconfigured list of services will not contain the needed service. There are a few variations in the creation of a service depending upon the protocol type, but the first steps in the creation of the service are common to all the variations.

 

To create a new service:

1. Go to Policy & Objects > Services.

2. Select Create New. A drop down menu is displayed. Select Service.

3. Enter a name in the Name field for the new service.

4. Include any description you would like in the Comments field.

5. In the Service Type field, choose between Firewall and Explicit Proxy. For the purposes of this chapter, Firewall will always be chosen. Explicit Proxy services are covered in the WAN-OPT chapter.

6. Enable the Show in Service List toggle. If you can't see the service when you need to select it, it serves very little purpose.

7. For the Category field, choose the appropriate category from the Category drop down menu. If none is chosen, the Uncategorized option is used by default.

 

Protocol Options

This is the section where the configuration options of the service differ depending on the type of protocol chosen. (The step numbers continue on from the common step sequence above.)

 

TCP/UDP/SCTP

8. For the Protocol Type field, choose TCP/UDP/SCTP from the drop down menu.

9. In the IP/FQDN field, an IP address or Fully Qualified Domain Name can be entered if the service is to match only a specific destination.

10. Configure the Destination Port by:

  • Selecting TCP, UDP or SCTP from the drop down menu.
  • Entering the low end of the port range in the field indicated by the grayed out Low.
  • Entering the high end of the port range in the field indicated by the grayed out High. If there is only a single port in the range, High can be left empty.
  • Multiple ports or port ranges can be added by using the "+" at the beginning of the row.
  • Rows can be removed by using the trash can symbol at the end of the row.

11. If required, you can Specify Source Ports for the service by enabling the toggle switch.

  • Each Src Port range matches up with a Destination Port range.
  • Src Ports cannot be configured without there being a value for the Destination Port.
  • The same rules for configuring the Destination Ports apply to the Src Ports.

12. Select OK to confirm the configuration.

 

 

Example

Example settings for a TCP protocol service. In this case, it is for an administrative connection to web servers on the DMZ. The protocol used is HTTPS, which would normally use port 443, but that port is already in use by another service such as admin access to the firewall or an SSL-VPN connection, so the service is defined on port 4300 instead.

 

Field                  Value
Name                   Example.com_WebAdmin
Comments               Admin connection to Example.com Website
Service Type           Firewall
Show in Service List   enabled
Category               Web Access

Protocol Options
Protocol Type          TCP/UDP/SCTP
IP/FQDN                <left blank>
Destination Port       Protocol: TCP; Low: 4300; High: <left blank>
Specify Source Ports   <disabled>
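The CLI equivalent of the GUI example above, added here as an illustration rather than taken from the original page or from Fortinet's documentation. The first object reproduces the Example.com_WebAdmin table exactly. The second object is a constructed one that exercises steps 9 through 11 (an FQDN destination, several destination port ranges, and source-port restriction); its name, FQDN, ports and comment are assumed, and it relies on the "Obscure Services" category created earlier on this page. Each port-range entry uses the form dst-low[-dst-high][:src-low[-src-high]], with multiple entries separated by spaces.

```fortios
config firewall service custom
    # Equivalent of the GUI table: TCP destination port 4300, no IP/FQDN,
    # source ports not specified, visible in the service list.
    edit "Example.com_WebAdmin"
        set comment "Admin connection to Example.com Website"
        set category "Web Access"
        set visibility enable
        set protocol TCP/UDP/SCTP
        set tcp-portrange 4300
    next
    # Constructed example (assumed values): one object matching TCP 8443 and
    # TCP 9000-9010 only from unprivileged source ports, plus UDP 5000, and
    # only when the destination resolves from the given FQDN.
    edit "Obscure_Mgmt"
        set comment "Management ports for lab appliances (constructed example)"
        set category "Obscure Services"
        set visibility enable
        set protocol TCP/UDP/SCTP
        set fqdn "mgmt.example.com"
        set tcp-portrange 8443:1024-65535 9000-9010:1024-65535
        set udp-portrange 5000
    next
end
```

After committing, `show firewall service custom "Example.com_WebAdmin"` displays the stored object. Note that a source-port range is a match condition, not a rewrite: a client connecting from a port outside 1024-65535 simply fails to match the service, and policy lookup continues to the next policy, which is worth remembering when a narrowed service object unexpectedly stops matching traffic.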
