Services

Firewall configuration

 

 

Services

Use services to control the types of communication accepted or denied by the firewall. You can add any of the predefined services to a policy. You can also create your own custom services and add services to service groups.

This section describes:

Predefined services

Providing access to custom services

Grouping services

Predefined services

The FortiGate predefined firewall services are listed in Table 6. You can add these services to any policy.

Table 6: FortiGate predefined services

Service name

Description

Protocol

Port

 

 

 

 

ANY

Match connections on any port. A connection

all

all

 

that uses any of the predefined services is

 

 

 

allowed through the firewall.

 

 

 

 

 

 

GRE

Generic Routing Encapsulation. A protocol that

 

47

 

allows an arbitrary network protocol to be

 

 

 

transmitted over any other arbitrary network

 

 

 

protocol, by encapsulating the packets of the

 

 

 

protocol within GRE packets.

 

 

 

 

 

 

AH

Authentication Header. AH provides source

 

51

 

host authentication and data integrity, but not

 

 

 

secrecy. This protocol is used for

 

 

 

authentication by IPSec remote gateways set

 

 

 

to aggressive mode.

 

 

 

 

 

 

ESP

Encapsulating Security Payload. This service is

 

50

 

used by manual key and AutoIKE VPN tunnels

 

 

 

for communicating encrypted data. AutoIKE

 

 

 

key VPN tunnels use ESP after establishing the

 

 

 

tunnel using IKE.

 

 

 

 

 

 

AOL

AOL instant messenger protocol.

tcp

5190-5194

 

 

 

 

BGP

Border Gateway Protocol routing protocol.

tcp

179

 

BGP is an interior/exterior routing protocol.

 

 

 

 

 

 

DHCP-Relay

Dynamic Host Configuration Protocol (DHCP)

udp

67

 

allocates network addresses and delivers

 

 

 

configuration parameters from DHCP servers

 

 

 

to hosts.

 

 

 

 

 

 

DNS

Domain name service for translating domain

tcp

53

 

names into IP addresses.

 

 

 

udp

53

 

 

 

 

 

 

FINGER

A network service that provides information

tcp

79

 

about users.

 

 

 

 

 

 

FTP

FTP service for transferring files.

tcp

21

 

 

 

 

GOPHER

Gopher communication service. Gopher

tcp

70

 

organizes and displays Internet server contents

 

 

 

as a hierarchically structured list of files.

 

 

 

 

 

 

182

Fortinet Inc.

Page 182
Image 182
Fortinet 400 manual Services, Predefined services, 182