Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
sonydarrel
New Contributor

Object services in fortigate.

Dears,

I was creating a services in object tab and I saw option of specifying multiple port number by choosing TCP or UDP in one service object, then y we need the service group object when we get an option to specify tcp and udp multiple port number in one service.

 

Please find the attached service config snapshot

 

thanks  

1 Solution
live89

That is correct. it will work.

What I'm trying to tell you is that when you create multiple services (by adding +) then any cli changes to this group of services all ports will be affected.

lets assume I create multiple services (TCP/80 TCP/443 UDP/53) and now I want to change the session-ttl only for the TCP/80 port, I can't do that in the custom multiple service that I created. Because any CLI changes will affect all other ports on the same multiple service you craeted.

Thanks

View solution in original post

Thanks
4 REPLIES 4
live89
Contributor

My point of view is that the service group is to organize pre-defined services and custom services into one group.

 

Also that if you created a custom service and you want that service to be a part of multiple services, then you cannot make any cli changes to the values (such as timeout values) related only to that specific service, because now any changes does to that service is done to all ports in the same multiple services ports. But when you create custom services separately and then add them all to a service group then you can make any cli changes to that specific service.

Thanks

Thanks
sonydarrel

Dears,

 

thanks for your reply, I didn't understood your reply properly can you elaborate more.

 

I have one more question please reply

if I create a custom service with multiple services of tcp/udp by adding a  ( + ) and if this service is attached to a policy it will work, I don't have to create separate custom service for UDP by different name

 

Please confirm.

 

thanks

live89

That is correct. it will work.

What I'm trying to tell you is that when you create multiple services (by adding +) then any cli changes to this group of services all ports will be affected.

lets assume I create multiple services (TCP/80 TCP/443 UDP/53) and now I want to change the session-ttl only for the TCP/80 port, I can't do that in the custom multiple service that I created. Because any CLI changes will affect all other ports on the same multiple service you craeted.

Thanks

Thanks
sonydarrel

thanks for the reply

I have marked the question as answered 

Top Kudoed Authors