Web Interface
1. Go to: Objects > Services > Add > IP Protocol Service
2. Specify a suitable name for the service, for example VRRP
3. Enter 112 in the IP Protocol control
4. Optionally enter Virtual Router Redundancy Protocol in the Comments control
5. Click OK
3.3.5. Service Groups
A Service Group is, exactly as the name suggests, a NetDefendOS object that consists of a
collection of services. Although the group concept is simple, it can be very useful when
constructing security policies since the group can be used instead of an individual service.
The Advantage of Groups
For example, there may be a need for a set of IP rules that are identical to each other except for
the service parameter. By defining a service group which contains all the service objects from all
the individual rules, we can replace all of them with just one IP rule that uses the group.
Suppose that we create a service group called email-services which combines the three services
objects for SMTP, POP3 and IMAP. Now only one IP rule needs to be defined that uses this group
service to allow all email related traffic to flow.
Groups Can Contain Other Groups
When a group is defined then it can contain individual services and/or service groups. This ability
to have groups within groups should be used with caution since it can increase the complexity of
a configuration and decrease the ability to troubleshoot problems.
Example 3.18. Creating a Service
This example shows how to create a Service Group object called my_service_group which consists
of two existing services called my_first_service and my_second_service.
Command-Line Interface
gw-world:/> add Service ServiceGroup my_service_group
Members=my_first_service,my_second_service
Web Interface
1. Go to: Objects > Services > Add > Service Group
2. For Name enter my_service_group
3. Select my_first_service from Available and press include
Chapter 3: Fundamentals
173
To Next Page
Loading...
