Defining services for the USG2000&5000 series

The USG2000&5000 series supports defining services using the web UI or CLI. A service can be used as a matching condition in a security policy. The system provides a predefined service set, and you can define your own services by specifying information such as the port.
Defining services using the web UI:
Choose Firewall > Service > User-defined Service and click Create in User-defined Service List. Enter or select service information, including the name, description, and protocol, and click Apply.

Defining services using the CLI:
1. Run the ip service-set service-set-name type object [ vpn-instance vpn-instance-name ] command in the system view to create a service set and access its view.

2. Add members to this service set.
a. Run the service [ id ] protocol { udp | tcp | sctp } [ source-port { src-port-number-1 [ to src-port-number-2 ] } &<1-64> | destination-port { dst-port-number-1 [ to dst-port-number-2 ] } &<1-64> ] * [ description description ] command to define a UDP, TCP, or SCTP service by its port number ranges.
b. Run the service [ id ] protocol icmp [ icmp-type { icmp-name | icmp-type-number icmp-code-number } ] [ description description ] command to specify the ICMP message type or code.
c. Run the service [ id ] protocol protocol-number [ description description ] command to specify the protocol type by the value of the protocol field in the IP packet header.

3. Run the description text command to configure the service set description.
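The CLI steps above, applied to one service set (an added example, not taken from the original page). The service set name, port numbers, and description strings are constructed values; lines starting with # are annotations, not commands.

```text
# Enter the system view, then create the service set and access its view (step 1).
system-view
ip service-set svc_example type object

# Step 2a: TCP member restricted to a single destination port.
service protocol tcp destination-port 8443 description constructed-https-alt

# Step 2a: UDP member with two destination port ranges in one command
# (the syntax allows 1 to 64 ranges per keyword).
service protocol udp destination-port 5060 to 5061 10000 to 10100 description constructed-voice

# Step 2b: ICMP member given as type number and code number
# (type 8, code 0 is an echo request).
service protocol icmp icmp-type 8 0 description constructed-ping

# Step 2c: member matched by IP protocol number (47 is GRE).
service protocol 47 description constructed-gre

# Step 3: describe the service set itself.
description constructed-example-service-set
```

Listing only the ports and protocols an application needs keeps a security policy that references this service set from matching more traffic than intended.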
