Tag Archives: Service Grouping

FortiWAN – Service Grouping

Service Grouping

[Service Grouping] lets you create and manage service groups exclusively and efficiently. You can group an ICMP, a TCP/UDP Port, and a group of TCP/UDP Ports, particular applications and server ports. These predefined service groups are available and easy to use in the drop-down list of the fields of [Source] and [Destination] on such [Service] submenus as [Firewall], [NAT], [Virtual Server], [Auto Routing], [Inbound BM], [Outbound BM].

Group Name : Assign a name to a service group e.g. MSN File Transfer. The name will appear in the drop-down list of [Source] and [Destination] in [Service] submenus mentioned previously.
Enable : Check the field to enable a service group. Once the service group has been enabled, it will show in the drop-down list of [Source] and [Destination] in [Service] submenus mentioned previously.
Show/Hide IPv4/IPv6 Detail IPv4/IPv6 Rule Settings Table: : Click the button to show or hide the table details. After Hide Detail has been clicked, the table only shows the name of the service group and whether it has been enabled.
E : Check the field to add the list of services to the current service group.
Service : Enter a single or a set of ICMP / ICMPv6 or TCP / UDP ports. Single port follows the the format: port (xxx). A set of ports follow the format: xxx-yyy e.g. 6891-6900.
Action : Two options, to belong and not to belong, to determines whether service port defined in [Service] belongs to the service group. For exceptions in a set of service ports that belongs to the service group, the action of not to belong makes the configuration easier than separating the set of service ports into several groups.

Here is an example to elaborate on how to configure [Service Grouping]. Create a service group “MSN File Transfer”, which uses TCP 6891-6900. Then enter TCP@6891-6900 in the [Service] field.