Custom Service Configuration

When you create a policy, you must define a service for it. You can select one of the predefined services from the Service Book, or select a custom service. A custom service is a service created by a user. Each policy can reference either a single service, or a service group.

Currently, a NetScreen device supports over 30 predefined services, such as HTTP, SNMP, and FTP. You can also create service groups that contain any combination of predefined and custom services. You can then apply these service groups to a policy, thus simplifying administration. You cannot modify predefined services, only user-created custom services or service groups.

To Create a Custom Service

  1. Enter the necessary information:

Service Name: Enter a name to identify the new service. This name will be available from a Service drop-down menu when you create a policy.

Service Timeout: Select a timeout, in minutes, for the service session:

Use protocol default: The default timeout for TCP connections is 30 minutes. The default timeout for UDP connections is 1 minute.

Never: The session does not time out.

Custom: Enter a session timeout value. The maximum timeout value for TCP and UDP connections is 2160 minutes (36 hours).

Transport protocol: Select a protocol for the service to use.

TCP: Transmission Control Protocol is one of the main protocols in TCP/IP networks. Whereas the IP protocol deals only with packets, TCP enables two hosts to establish a connection and exchange streams of data. TCP guarantees delivery of data and also guarantees that packets are delivered in the same order in which they are sent.

UDP: User Datagram Protocol is a connectionless protocol that, like TCP, runs on top of IP networks. UDP offers a direct way to send and receive datagrams over an IP network. It is used primarily for broadcasting messages over a network. Unlike TCP, UDP does not guarantee that packets are delivered in the same order in which they are sent.

ICMP: Internet Control Message Protocol is an extension to the Internet Protocol (IP) that allows for the generation of error messages, test packets, and informational messages related to IP. When configuring a custom ICMP service, you must define a type and code.

Other: If you select this option, specify the protocol by inserting its standardized protocol number.

Source Port: Enter a range of internal port numbers valid for that service.

Destination Port: Enter a range of external port numbers to receive the service request.

ICMP: Enter a type and a code if you selected ICMP as the transport protocol. For more information on ICMP types and codes, refer to RFC 792.

  2. Click OK to save your changes.
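
The following is an added example, not part of the original documentation or of any NetScreen tool: a Python check that reviews custom service definitions against the limits stated above (protocol default timeouts, the 2160-minute maximum, the ICMP type and code requirement) before they are entered. The dictionary keys, the sample service names, the lower timeout bound of 1 minute and the 1024-port review threshold are assumptions made for the example.

```python
MAX_CUSTOM_TIMEOUT = 2160                 # minutes (36 hours), from the page
PROTOCOL_DEFAULT = {"tcp": 30, "udp": 1}  # minutes, from the page
WIDE_DST_PORTS = 1024                     # assumed review threshold, not from the page

def parse_port_range(text):
    """Parse 'lo-hi' or a single port into (lo, hi); ValueError if malformed."""
    lo, sep, hi = str(text).partition("-")
    lo = int(lo)
    hi = int(hi) if sep else lo
    if not 0 <= lo <= hi <= 65535:
        raise ValueError(f"port range out of order or out of 0-65535: {text!r}")
    return lo, hi

def review_service(svc):
    """Return (effective timeout: minutes, 'never', or None if unknown; findings)."""
    findings, proto = [], svc["protocol"]
    timeout = svc.get("timeout", "default")
    if timeout == "default":
        effective = PROTOCOL_DEFAULT.get(proto)  # page gives defaults for TCP/UDP only
    elif timeout == "never":
        effective = "never"
        findings.append("timeout 'never': idle sessions are never aged out")
    else:
        effective = int(timeout)
        if not 1 <= effective <= MAX_CUSTOM_TIMEOUT:  # lower bound of 1 is assumed
            findings.append(f"custom timeout {effective} outside 1-{MAX_CUSTOM_TIMEOUT} min")
    if proto in ("tcp", "udp"):
        for field in ("src_port", "dst_port"):
            try:
                lo, hi = parse_port_range(svc.get(field, ""))
            except ValueError as exc:
                findings.append(f"{field}: {exc}")
                continue
            if field == "dst_port" and hi - lo + 1 > WIDE_DST_PORTS:
                findings.append(f"dst_port {lo}-{hi} covers {hi - lo + 1} ports")
    elif proto == "icmp":
        for field in ("icmp_type", "icmp_code"):
            if not isinstance(svc.get(field), int) or not 0 <= svc[field] <= 255:
                findings.append(f"{field}: ICMP needs a type and a code (0-255 each)")
    elif not (isinstance(proto, int) and 0 <= proto <= 255):
        findings.append(f"protocol {proto!r}: 'Other' needs an IP protocol number 0-255")
    return effective, findings

# Constructed sample definitions (hypothetical names and values).
SAMPLES = {
    "app-8443": {"protocol": "tcp", "src_port": "1024-65535", "dst_port": "8443"},
    "any-udp": {"protocol": "udp", "timeout": "never", "src_port": "0-65535", "dst_port": "0-65535"},
    "ping": {"protocol": "icmp", "icmp_type": 8},
}
```

Calling review_service(SAMPLES["any-udp"]) returns two findings: one for the session timeout set to never and one for the destination range covering all 65536 ports.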