6-87
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 6 Managing Policy Objects
Understanding and Specifying Services and Service and Port List Objects
When you specify ports, you can also use the following special keywords: lt (less than), gt (greater
than), eq (equal to), and neq (not equal to), followed by a number. For example, lt 440 specifies all
ports less than 440.
Tip To create port list objects, select Services > Port Lists in the Policy Object Manager and click the Add
Object button. For more information, see Configuring Port List Objects, page 6-87.
{tcp | udp | tcp&udp}/{source_port_number | port_list_object}/{destination_port_number |
port_list_object}, where the source and destination port numbers are 1-65535 or the name of a port
list object. You can enter a range of ports using a hyphen, for example, 10-20.
For example, defining a service as tcp/10/20 means that 10 is the source port and 20 is the
destination port. If you do not want to specify a destination port, use the Default Range port list
object, for example, tcp/10/Default Range.
(Service groups only) service_object_name, which is the name of another existing service object.
Specifying other objects lets you nest object definitions. Click Select to select a service object or to
create a new object.
Related Topics
Selecting Objects for Policies, page 6-2
Creating Policy Objects, page 6-9
Editing Objects, page 6-12
How Service Objects are Provisioned as Object Groups, page 6-92
Using Category Objects, page 6-12
Managing Object Overrides, page 6-17
Allowing a Policy Object to Be Overridden, page 6-18
Configuring Port List Objects
Use the Port List dialog box to create, edit, or copy a port list object. Each port list object can contain
one or more ports or port ranges (for example, 1-1000 and 2000-2500). Additionally, a port list object
can include other port list objects.
You typically use port list objects when defining services, but you can also use them in various policies
to identify a port rather than typing in the port number. For more information about using port lists in
service definitions, see Understanding and Specifying Services and Service and Port List Objects,
page 6-86.
Tip The predefined Default Range port list object includes either all ports (1-65535) or all secure ports
(1024-65535), depending on the setting you select in the Security Manager Administration window
(select Tools > Security Manager Administration > Policy Objects and see Policy Objects Page,
page 11-47).
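The service syntax and the port list nesting described above can be checked outside the tool, for instance when reviewing service definitions for port ranges that are broader than intended. The following Python parser is an added example, not code from Security Manager: it expands a protocol/source/destination string into numeric port ranges. Assumptions: the `PORT_LISTS` dictionary, the `web` and `mgmt` object names and the function names are made up, only the three-field form is accepted, and Default Range is set to all ports.

```python
import re

MAX_PORT = 65535
PROTOCOLS = {"tcp": ("tcp",), "udp": ("udp",), "tcp&udp": ("tcp", "udp")}
# Constructed sample objects; every name except Default Range is hypothetical.
PORT_LISTS = {
    "Default Range": ["1-65535"],  # ["1024-65535"] if the secure-ports setting is selected
    "web": ["80", "443", "8000-8100"],
    "mgmt": ["22", "web"],         # a port list that includes another port list
}

def _port(text):
    n = int(text)
    if not 1 <= n <= MAX_PORT:
        raise ValueError(f"port out of range 1-65535: {n}")
    return n

def expand(term, port_lists, _seen=()):
    """Return the (low, high) ranges that one port term stands for."""
    term = term.strip()
    m = re.fullmatch(r"(lt|gt|eq|neq)\s+(\d+)", term)
    if m:  # keyword form, e.g. "lt 440" means all ports less than 440
        op, n = m.group(1), _port(m.group(2))
        ranges = {"lt": [(1, n - 1)], "gt": [(n + 1, MAX_PORT)],
                  "eq": [(n, n)], "neq": [(1, n - 1), (n + 1, MAX_PORT)]}[op]
        ranges = [(lo, hi) for lo, hi in ranges if lo <= hi]
        if not ranges:
            raise ValueError(f"{term!r} matches no port")
        return ranges
    m = re.fullmatch(r"(\d+)(?:-(\d+))?", term)
    if m:  # single port or hyphenated range
        lo = _port(m.group(1))
        hi = _port(m.group(2)) if m.group(2) else lo
        if lo > hi:
            raise ValueError(f"reversed range: {term}")
        return [(lo, hi)]
    if term in _seen:  # nested port lists must not loop back on themselves
        raise ValueError(f"port list {term!r} includes itself")
    if term not in port_lists:
        raise ValueError(f"unknown port list object: {term!r}")
    return [r for t in port_lists[term] for r in expand(t, port_lists, _seen + (term,))]

def parse_service(spec, port_lists):
    """Split protocol/source/destination and expand both port fields."""
    parts = spec.split("/")
    if len(parts) != 3 or parts[0].strip() not in PROTOCOLS:
        raise ValueError(f"expected {{tcp|udp|tcp&udp}}/source/destination: {spec!r}")
    return (PROTOCOLS[parts[0].strip()], expand(parts[1], port_lists), expand(parts[2], port_lists))
```

Expanding `tcp/10/Default Range` this way makes it visible that the destination field covers every port the Default Range setting allows.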
Navigation Path
Select Manage > Policy Objects, then select Services > Port Lists from the Object Type Selector.
Right-click inside the work area and select New Object or right-click a row and select Edit Object.