
Services | Firewall configuration |
Services
Use services to control the types of communication accepted or denied by the firewall. You can add any of the predefined services to a policy. You can also create your own custom services and add services to service groups.
This section describes:
• Predefined services
• Providing access to custom services
• Grouping services
Predefined services
The FortiGate predefined firewall services are listed in Table 6. You can add these services to any policy.
Table 6: FortiGate predefined services
| Service name | Description | Protocol | Port |
|---|---|---|---|
| ANY | Match connections on any port. A connection that uses any of the predefined services is allowed through the firewall. | all | all |
| GRE | Generic Routing Encapsulation. A protocol that allows an arbitrary network protocol to be transmitted over any other arbitrary network protocol, by encapsulating the packets of the protocol within GRE packets. | 47 | |
| AH | Authentication Header. AH provides source host authentication and data integrity, but not secrecy. This protocol is used for authentication by IPSec remote gateways set to aggressive mode. | 51 | |
| ESP | Encapsulating Security Payload. This service is used by manual key and AutoIKE VPN tunnels for communicating encrypted data. AutoIKE key VPN tunnels use ESP after establishing the tunnel using IKE. | 50 | |
| AOL | AOL instant messenger protocol. | tcp | |
| BGP | Border Gateway Protocol routing protocol. BGP is an interior/exterior routing protocol. | tcp | 179 |
| | Dynamic Host Configuration Protocol (DHCP) allocates network addresses and delivers configuration parameters from DHCP servers to hosts. | udp | 67 |
| DNS | Domain name service for translating domain names into IP addresses. | tcp | 53 |
| | | udp | 53 |
| FINGER | A network service that provides information about users. | tcp | 79 |
| FTP | FTP service for transferring files. | tcp | 21 |
| GOPHER | Gopher communication service. Gopher organizes and displays Internet server contents as a hierarchically structured list of files. | tcp | 70 |
182 | Fortinet Inc. |