
Is there documentation or a way to see details about pre-defined IP firewall rule network services - ex. DNS, DHCP, FTP


w1f1n00b
Contributor II

When creating firewall rules for network services, there are pre-defined objects for things like DNS, DHCP-Client, DHCP-Server, etc., and you have the option of Source IP - Any and Destination IP - Any.

If you create a rule using one of these objects but do not specify IP addresses (Any-Any-Allow), would this serve any functional purpose?

What do these pre-defined objects do (meaning, what is different about the DHCP object compared to the DNS object, etc.)?

1 ACCEPTED SOLUTION

Ronald_Dvorak
Honored Contributor

Hi John,

I hope the explanation below makes it clearer.

  • If you create a rule using one of these objects but do not specify IP Addresses (Any-Any-Allow) would this serve any functional purpose?

You’d allow i.e. http and https and then as the next rule create a deny all = that will allow only web traffic but nothing else.

  • “What do these pre-defined objects do (meaning what is different about the DHCP object compared to the DNS object etc)?”

It’s there in case you can’t remember or are too lazy to search for the correct port number of a certain service. So instead of creating a new object for port 1812, you use the predefined RADIUS object.

https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

 

-Ron
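
The rule ordering described in the answer above, as an added example that is not part of the original post or of any vendor's code: service objects are modeled as named sets of protocol/port pairs, and an Any-Any-Allow rule on a service object permits only that service's ports. The `SERVICES` table, the `Rule` class, first-match evaluation and the sample flows are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed stand-ins for predefined service objects: a name mapped to
# (protocol, destination port) pairs from the IANA well-known port list.
SERVICES = {
    "DNS": {("udp", 53), ("tcp", 53)},
    "DHCP-Server": {("udp", 67)},
    "DHCP-Client": {("udp", 68)},
    "HTTP": {("tcp", 80)},
    "HTTPS": {("tcp", 443)},
    "RADIUS": {("udp", 1812)},
}

@dataclass(frozen=True)
class Rule:
    service: Optional[str]   # None means "any service"
    action: str              # "allow" or "deny"
    src: str = "any"         # "any" or an exact source IP
    dst: str = "any"         # "any" or an exact destination IP

    def matches(self, src, dst, proto, dport):
        if self.src not in ("any", src) or self.dst not in ("any", dst):
            return False
        return self.service is None or (proto, dport) in SERVICES[self.service]

def evaluate(rules, src, dst, proto, dport, default="deny"):
    """Return the action of the first matching rule (first-match is assumed)."""
    for rule in rules:
        if rule.matches(src, dst, proto, dport):
            return rule.action
    return default  # assumed fallback when no rule matches

# The policy from the answer: allow HTTP and HTTPS any-to-any, then deny all.
WEB_ONLY = [
    Rule("HTTP", "allow"),
    Rule("HTTPS", "allow"),
    Rule(None, "deny"),
]

if __name__ == "__main__":
    flows = [  # constructed sample flows
        ("10.0.0.5", "93.184.216.34", "tcp", 443),
        ("10.0.0.5", "10.0.0.1", "udp", 53),
        ("10.0.0.5", "10.0.0.9", "udp", 1812),
    ]
    for flow in flows:
        print(flow, "->", evaluate(WEB_ONLY, *flow))
```

Swapping `Rule("HTTP", "allow")` for `Rule("DNS", "allow")` changes which ports pass, which is the only difference between one service object and another in this model.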


2 REPLIES

Ronald_Dvorak
Honored Contributor

You’d see more details about the predefined objects in…

> configure > common objects > network > network services

 

-Ron
