SonicWALL 5.8.1 Microscope & Magnifier User Manual


Network > Services
SonicOS 5.8.1 Administrator Guide
All custom services you create are listed in the Custom Services table. You can group custom
services by creating a Custom Services Group for easy policy enforcement. If a protocol is
not listed in the Default Services table, you can add it to the Custom Services table by clicking
Add.
Step 1 Enter the name of the service in the Name field.
Step 2 Select the type of IP protocol from the Protocol pull-down menu.
Step 3 Enter the Port Range or IP protocol Sub Type depending on your IP protocol selection:
  • For TCP and UDP protocols, specify the Port Range. You will not need to specify a Sub Type.
  • On SonicWALL NSA series appliances, for ICMP, IGMP, OSPF and PIMSM protocols, select from the Sub Type pull-down menu for sub types.
  • For the remaining protocols, you will not need to specify a Port Range or Sub Type.
Step 4 Click OK. The service appears in the Custom Services table.
Click the Enable Logging checkbox to disable or enable the logging of the service activities.
Adding Custom IP Type Services
When only the predefined IP types are used, the security appliance drops traffic of any other
IP protocol type as unrecognized. However, there is a large and expanding list of other
registered IP types, governed by IANA (Internet Assigned Numbers Authority):
http://www.iana.org/assignments/protocol-numbers. So while the rigid practice of dropping
less-common (unrecognized) IP type traffic is secure, it is functionally restrictive.
SonicOS Enhanced 3.5 and newer, with its support for Custom IP Type Service Objects, lets
an administrator construct Service Objects representing any IP type, so that Firewall
Access Rules can then be written to recognize and control IPv4 traffic of any type.
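
The default-drop behavior and the effect of a Custom IP Type Service Object can be modeled in a few lines. This is an added example, not SonicOS code: ServiceObject, classify, ipv4 and the sample rule base are hypothetical names, the packets are constructed, and the model covers only the IP type and Port Range (not Sub Type).

```python
import struct
from dataclasses import dataclass
from typing import Optional, Tuple

PORT_BASED = {6, 17}  # IANA numbers for TCP and UDP: the types that take a Port Range

@dataclass(frozen=True)
class ServiceObject:  # hypothetical model, not a SonicOS data structure
    name: str
    ip_proto: int                            # value of the IPv4 header Protocol field
    ports: Optional[Tuple[int, int]] = None  # inclusive Port Range, TCP/UDP only

    def __post_init__(self):
        if not 0 <= self.ip_proto <= 255:
            raise ValueError("IP protocol number must fit the 8-bit header field")
        if (self.ip_proto in PORT_BASED) != (self.ports is not None):
            raise ValueError("Port Range is required for TCP/UDP and invalid otherwise")
        if self.ports and not 1 <= self.ports[0] <= self.ports[1] <= 65535:
            raise ValueError("invalid Port Range")

def classify(packet: bytes, services) -> str:
    """Return the matching service name, or a DROP verdict (default deny)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "DROP (not IPv4)"
    ihl, proto = (packet[0] & 0x0F) * 4, packet[9]
    if ihl < 20 or len(packet) < ihl:
        return "DROP (bad header length)"
    dport = None
    if proto in PORT_BASED:
        frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
        if frag_offset or len(packet) < ihl + 4:
            return "DROP (no readable port)"  # later fragment or truncated L4 header
        dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    for svc in services:
        if svc.ip_proto == proto and (svc.ports is None or svc.ports[0] <= dport <= svc.ports[1]):
            return svc.name
    return f"DROP (no service object for IP type {proto})"

def ipv4(proto: int, payload: bytes = b"") -> bytes:
    """Build a constructed 20-byte IPv4 header (checksum left at 0) plus payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + payload

# Constructed rule base: one port-based service and one custom IP type service (47 = GRE).
SERVICES = [ServiceObject("HTTPS", 6, (443, 443)), ServiceObject("Custom GRE", 47)]

if __name__ == "__main__":
    tcp_443 = struct.pack("!HH", 50000, 443)  # source port, destination port
    for pkt in (ipv4(6, tcp_443), ipv4(47), ipv4(132)):
        print(classify(pkt, SERVICES))
```

Removing the "Custom GRE" object from the rule base turns the IP type 47 packet back into a drop, which is the pre-3.5 behavior described above.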