Description
This article describes configuring service groups on FortiGate 7.6.0.
Scope
FortiGate GUI 7.6.0, and FortiGate model 6xF.
Solution
In FortiGate firmware 7.6.0, a service group cannot be created because the members are not listed, and a service group with no members cannot be edited in the GUI because the members list is empty. Issue ID 1068202 is under investigation.
The workaround is the following configuration in the CLI (use the '?' parameter to check the full list of available services while creating via the CLI):
config firewall service group
    edit "TEST"
new entry 'TEST' added
        set member ?
*name    Service or service group name.
ALL    custom
FTP    custom
FTP_GET    custom
FTP_PUT    custom
DNS    custom
HTTP    custom
HTTPS    custom
IMAP    custom
IMAPS    custom
LDAP    custom
DCE-RPC    custom
POP3    custom
POP3S    custom
SAMBA    custom
SMTP    custom
SMTPS    custom
KERBEROS    custom
LDAP_UDP    custom
SMB    custom
ALL_TCP    custom
ALL_UDP    custom
ALL_ICMP    custom
ALL_ICMP6    custom
GRE    custom
AH    custom
ESP    custom
AOL    custom
BGP    custom
DHCP    custom
FINGER    custom
GOPHER    custom
H323    custom
IKE    custom
Internet-Locator-Service    custom
IRC    custom
L2TP    custom
NetMeeting    custom
        set member FTP FTP_GET FTP_PUT
end
To add a new service to an existing service group, use the command 'append' to add one or more options to the existing members:
config firewall service group
    edit "TEST"
        append member "SSH"
    next
end
After the configuration in the CLI, the service group will show up as expected in the GUI:
Copyright 2024 Fortinet, Inc. All Rights Reserved.