Cisco Systems CL-28826-01 Security Camera User Manual


User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 6 Managing Policy Objects
Understanding and Specifying Services and Service and Port List Objects
Table 6-35 Add and Edit Service Dialog Boxes (Continued)

Element: Services (for groups), Service (for objects)

Description: The services to include in this policy object. When creating a Service Group, you can enter more than one service by separating services with commas. When creating a Service Object, you can enter one service only.

You can specify services using the following formats. As you type, Security Manager may prompt you with text-completion options related to your entry. If you enter a service that translates directly to a predefined service object, the entry is converted to the predefined object name; for example, TCP/80 is converted to HTTP.

- protocol, where the protocol is 1 to 255 or a well-known protocol name such as tcp, udp, gre, icmp, and so forth. If you enter a number, Security Manager might convert it to the associated name.

- icmp/message_type/message_code, where the message type is 1 to 255 or a well-known ICMP message type name such as echo, and the message code is 0 to 255 (for example, icmp/unreachable/1 or icmp/echo-reply).

- icmp6/message_type/message_code, where the message type is 1 to 255 or a well-known ICMP message type name such as echo, and the message code is 0 to 255 (for example, icmp6/unreachable/1 or icmp6/echo-reply).

- {tcp | udp | tcp&udp}/{destination_port_number | port_list_object}, where the destination port number can be 1 to 65535, or the name of a port list object. You can enter a range of ports using a hyphen, for example, 10-20. In this instance, the source port number is the Default Range port list object, which specifies the range 1-65535. (See Configuring Port List Objects, page 6-87 for information about creating and editing port list objects.)

  Whenever you specify ports, you can also use the following special keywords: lt (less than), gt (greater than), eq (equal to), and neq (not equal to), followed by a number. For example, lt 440 specifies all ports less than 440.

- {tcp | udp | tcp&udp}/{source_port_number | port_list_object}/{destination_port_number | port_list_object}, where the source and destination port numbers can be 1 to 65535, or the name of a port list object. You can enter a range of ports using a hyphen, for example, 10-20.

- (Service groups only) service_object_name, which is the name of another existing service object. Specifying other objects lets you nest object definitions. Click Select to select a service object or to create a new object.

Element: Category

Description: The category assigned to the object. Categories help you organize and identify rules and objects. See Using Category Objects, page 6-12.
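
The entry formats listed for the Services field can be checked offline, for example when reviewing a list of proposed service entries for out-of-range values or for rules that silently allow every source port. The following Python parser is an added example, not part of the Cisco guide or of Security Manager; its function names are assumptions, it follows the numeric limits stated in the table, and it leaves port list object and service object names unresolved.

```python
import re

DEFAULT_RANGE = [(1, 65535)]  # the Default Range port list object described in the table

def _bounded(token, low, high, what, names_ok=True):
    if token.isdigit() and low <= int(token) <= high:
        return int(token)
    if token.isdigit() or not token or not names_ok:
        raise ValueError(f"bad {what}: {token!r} (allowed {low}-{high})")
    return token  # a name; kept as text because resolving it needs the object database

def parse_ports(text):
    """Return [(low, high), ...], or {"object": name} for a port list object name."""
    text = text.strip()
    m = re.fullmatch(r"(lt|gt|eq|neq)\s+(\d+)", text)
    if m:
        n = _bounded(m.group(2), 1, 65535, "port", False)
        spans = {"lt": [(1, n - 1)], "gt": [(n + 1, 65535)], "eq": [(n, n)],
                 "neq": [(1, n - 1), (n + 1, 65535)]}[m.group(1)]
        return [(lo, hi) for lo, hi in spans if lo <= hi]  # drop empty spans
    m = re.fullmatch(r"(\d+)(?:-(\d+))?", text)
    if m:
        lo = _bounded(m.group(1), 1, 65535, "port", False)
        hi = _bounded(m.group(2) or m.group(1), 1, 65535, "port", False)
        if lo > hi:
            raise ValueError(f"reversed port range: {text!r}")
        return [(lo, hi)]
    if not text:
        raise ValueError("empty port field")
    return {"object": text}  # assumed to be a port list object name

def parse_service(spec):
    """Parse one service entry written in the formats the table lists."""
    parts = [p.strip() for p in spec.split("/")]
    proto = parts[0].lower()
    if proto in ("tcp", "udp", "tcp&udp") and len(parts) in (2, 3):
        source = parse_ports(parts[1]) if len(parts) == 3 else list(DEFAULT_RANGE)
        return {"protocol": proto, "source": source, "destination": parse_ports(parts[-1])}
    if proto in ("icmp", "icmp6") and len(parts) in (2, 3):
        mtype = _bounded(parts[1], 1, 255, "message type")
        code = _bounded(parts[2], 0, 255, "message code", False) if len(parts) == 3 else None
        return {"protocol": proto, "type": mtype, "code": code}
    if len(parts) == 1:
        # A bare name is a protocol name or, in a group, another service object.
        return {"protocol_or_object": _bounded(parts[0], 1, 255, "protocol number")}
    raise ValueError(f"unrecognized service format: {spec!r}")

def parse_group(entry):  # Service Group entries are comma-separated
    return [parse_service(s) for s in entry.split(",")]
```
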