sonydarrel
New Member
October 7, 2018
Solved

Object services in fortigate.


Dears,

I was creating a service in the Objects tab and I saw the option of specifying multiple port numbers by choosing TCP or UDP in one service object. Then why do we need the service group object when we get an option to specify multiple TCP and UDP port numbers in one service?

 

Please find the attached service config snapshot

 

Thanks


    live89
    Explorer III
    October 8, 2018

    My point of view is that the service group is to organize pre-defined services and custom services into one group.

     

    Also, if you create a custom service and you want that service to be part of a multiple-port service, then you cannot make any CLI changes to the values (such as timeout values) related only to that specific service, because any change done to that service is done to all ports in the same multiple-port service. But when you create custom services separately and then add them all to a service group, you can make any CLI changes to that specific service.

    sonydarrel
    New Member
    October 8, 2018

    Dears,

     

    Thanks for your reply. I didn't understand your reply properly; can you elaborate more?

     

    I have one more question, please reply.

    If I create a custom service with multiple TCP/UDP services by adding a ( + ), and this service is attached to a policy, it will work; I don't have to create a separate custom service for UDP under a different name.

     

    Please confirm.

     

    Thanks

    live89 (Answer)
    Explorer III
    October 8, 2018

    That is correct. It will work.

    What I'm trying to tell you is that when you create multiple services (by adding +), any CLI change to this group of services affects all ports.

    Let's assume I create multiple services (TCP/80, TCP/443, UDP/53) and now I want to change the session-ttl only for the TCP/80 port. I can't do that in the custom multiple service that I created, because any CLI change will affect all other ports on the same multiple service you created.
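The two layouts discussed in this thread, written out as FortiOS CLI. This is an added example, not part of the original posts; the object names (`EXAMPLE-...`) and the session-ttl value of 600 are constructed for illustration.

```fortios
# Option A: one custom service holding all three ports (the "+" approach).
# session-ttl is a property of the whole object, so it applies to
# TCP/80, TCP/443 and UDP/53 together.
config firewall service custom
    edit "EXAMPLE-web-dns-combined"
        set tcp-portrange 80 443
        set udp-portrange 53
        set session-ttl 600
    next
end

# Option B: one custom service per port, collected in a service group.
# Only EXAMPLE-tcp-80 carries the session-ttl override; the other two
# members keep their defaults.
config firewall service custom
    edit "EXAMPLE-tcp-80"
        set tcp-portrange 80
        set session-ttl 600
    next
    edit "EXAMPLE-tcp-443"
        set tcp-portrange 443
    next
    edit "EXAMPLE-udp-53"
        set udp-portrange 53
    next
end

config firewall service group
    edit "EXAMPLE-web-dns-group"
        set member "EXAMPLE-tcp-80" "EXAMPLE-tcp-443" "EXAMPLE-udp-53"
    next
end
```

A policy can reference either `EXAMPLE-web-dns-combined` or `EXAMPLE-web-dns-group` and match the same three ports; only Option B lets the per-port setting differ.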