System Configurations Service Grouping
IPv4/IPv6 Rule Settings Table:
E : Check the field to add the list of IP addresses to the current IP group.
IP Address : Enter a single IPv4/IPv6 address, IPv4/IPv6 range, IPv4/IPv6 subnet or
FQDN.
Action : Two options, to belong and not to belong, to determines whether an IP
address defined in [IP Address] belongs to the IP group. For exceptions in
an IP range or subnet that belongs to the IP group, the action of not to
belong makes the configuration easier than separating an IP range or sub-
net into several groups.
Service Grouping
[Service Grouping] lets you create and manage service groups exclusively and efficiently. You can group an ICMP, a
TCP/UDP Port, and a group of TCP/UDP Ports, particular applications and server ports. These predefined service
groups are available and easy to use in the drop-down list of the fields of [Source] and [Destination] on such [Service]
submenus as [Firewall], [NAT], [Virtual Server], [Auto Routing], [Inbound BM], [Outbound BM].
Group Name : Assign a name to a service group e.g. MSN File Transfer. The name will
appear in the drop-down list of [Source] and [Destination] in [Service] sub-
menus mentioned previously.
Enable : Check the field to enable a service group. Once the service group has been
enabled, it will show in the drop-down list of [Source] and [Destination] in
[Service] submenus mentioned previously.
Show/Hide IPv4/IPv6 Detail : Click the button to show or hide the table details. After Hide Detail has been
clicked, the table only shows the name of the service group and whether it
has been enabled.
IPv4/IPv6 Rule Settings Table:
E : Check the field to add the list of services to the current service group.
Service : Enter a single or a set of ICMP / ICMPv6 or TCP / UDP ports. Single port fol-
lows the the format: port (xxx). A set of ports follow the format: xxx-yyy e.g.
6891-6900.
Action : Two options, to belong and not to belong, to determines whether service port
defined in [Service] belongs to the service group. For exceptions in a set of
service ports that belongs to the service group, the action of not to belong
makes the configuration easier than separating the set of service ports into
several groups.
Here is an example to elaborate on how to configure [Service Grouping]. Create a service group "MSN File Transfer",
which uses TCP 6891-6900. Then enter TCP@6891-6900 in the [Service] field.
69 FortiWAN Handbook
Fortinet Technologies Inc.
To Next Page
Loading...
