yexinru/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
Files
fix_python
doc-exports/docs/cfw/umn/cfw_01_0070.html
qiaoli 5764cb4624 First version of the CFW UMN 
Reviewed-by: Rogal, Marcel <mrogal@noreply.gitea.eco.tsi-dev.otc-service.com>
Co-authored-by: qiaoli <qiaoli@huawei.com>
Co-committed-by: qiaoli <qiaoli@huawei.com>
2025-01-21 12:54:40 +00:00

13 KiB
Raw Permalink Blame History

Adding a User-defined Service Group

A service group is a collection of services (protocols, source ports, and destination ports). A service group frees you from repeatedly modifying access rules and simplifies security group rule management.

Constraints

  • A service group can have up to 64 services.
  • A firewall instance can have up to 512 service groups.
  • A firewall instance can have up to 900 services.

Adding a User-defined Service Group

  1. Log in to the management console.
  2. In the navigation pane on the left, click and choose Security > Cloud Firewall. The Dashboard page will be displayed.
  3. (Optional) Switch to another firewall instance: Select a firewall from the drop-down list in the upper left corner of the page.
  4. In the navigation pane, choose Access Control > Object Groups.
  5. Click the Service Groups tab. Click Add Service Group and configure parameters in the Add Service Group area. Enter the service group name and description.

    Table 1 Service group parameters

    Parameter

    Description

    Service Group Name

    Name of a service group

    Description

    Usage and application scenario

    Services
    • Protocol: Select a protocol. Supported protocols include TCP, UDP, and ICMP.
    • Source Port: Set the source port to be allowed or blocked. You can configure a single port or consecutive port groups (example: 80-443).
    • Destination Port: Set the destination port to be allowed or blocked. You can configure a single port or consecutive port groups (example: 80-443).
    • Description: Usage and application scenario of the service group

  6. Confirm the information and click OK.

Adding a Service to a User-defined Service Group

  1. Log in to the management console.
  2. In the navigation pane on the left, click and choose Security > Cloud Firewall. The Dashboard page will be displayed.
  3. (Optional) Switch to another firewall instance: Select a firewall from the drop-down list in the upper left corner of the page.
  4. In the navigation pane, choose Access Control > Object Groups.
  5. Click the Service Groups tab. Click the name of a service group. The Service Group Details dialog box is displayed..
  6. Click Add Service.

    Table 2 Adding a service

    Parameter

    Description

    Example Value

    Protocol

    Its value can be TCP, UDP, or ICMP.

    TCP

    Source Port

    Source ports to be allowed or blocked. You can configure a single port or consecutive port groups (example: 80-443).

    NOTE:

    If Protocol is set to ICMP, you do not need to specify any port number.

    80

    Destination Port

    Destination ports to be allowed or blocked. You can configure a single port or consecutive port groups (example: 80-443).

    NOTE:

    If Protocol is set to ICMP, you do not need to specify any port number.

    80

    Description

    Usage and application scenario

    -

  7. You can click Add to add multiple services.
  8. Confirm the information and click OK.

Related Operations

  • Exporting service groups: Click Export above the list and select a data range.
  • Deleting services in batches: On the Service Groups tab, select services and click Delete above the list.

Follow-up Operations

A service group takes effect only after it is set in a protection rule. For more information, see Adding Protection Rules to Block or Allow Traffic.

Parent topic: Service Group Management