[PaloAlto] Completely understand the service object settings

Firewall (UTM)

Work environment

  • PA-200
    • Version 8.1.19

Service object setting screen in GUI

Click Objects > Services > Add to display the service object setting screen.

Screen when the Protocol is TCP.

Screen when the Protocol is UDP.

Screen when the Protocol is SCTP.

Service object settings in CLI config

TCP service

Suppose you set the GUI as shown in the image below.

In this case, the settings added to the CLI config are as follows:

set service TCP_80 protocol tcp port 80
set service TCP_80 protocol tcp override no
set service TCP_80 tag Smaple_Tag
set service TCP_80 description TCP_80

Suppose you set the GUI as shown in the image below.

In this case, the settings added to the CLI config are as follows:

set service TCP_80 protocol tcp port 80
set service TCP_80 protocol tcp override yes timeout 3601
set service TCP_80 protocol tcp override yes halfclose-timeout 121
set service TCP_80 protocol tcp override yes timewait-timeout 16
set service TCP_80 protocol tcp source-port 1-65535
set service TCP_80 tag Smaple_Tag
set service TCP_80 description TCP_80

UDP service

Suppose you set the GUI as shown in the image below.

In this case, the settings added to the CLI config are as follows:

set service UDP_53 protocol udp port 53
set service UDP_53 protocol udp override no
set service UDP_53 tag Smaple_Tag
set service UDP_53 description UDP_53

SCTP service

Suppose you set the GUI as shown in the image below.

In this case, the settings added to the CLI config are as follows:

set service SCTP_21 protocol sctp port 21
set service SCTP_21 tag Smaple_Tag-02
set service SCTP_21 description SCTP_21

Service group settings in GUI

A Service group is an object that is a collection of multiple service objects.

Click Objects > Service Groups > Add to display the service gruop setting screen.

Service Group setting screen.

Service group settings in CLI config

Suppose you set the GUI as shown in the image below.

In this case, the settings added to the CLI config are as follows:

set service-group Sample_ServiceGroup members [ SCTP_21 TCP_80 UDP_53 ]
set service-group Sample_ServiceGroup tag Smaple_Tag

Palo Alto Configuration Information Summary
How to configure a static route Completely understand the address object settings Completely understand the service obj...
network-knowledge.work
2021.11.13

スポンサーリンク

Comments

Copied title and URL