Defining A Service - Watchguard V10 User Manual

CHAPTER 8: About Security Policies
If you chose IP Address Range, type the starting and
ending IP addresses for the range.
If you chose Address Group, from the Address Group
drop-down list, select the appropriate item. This drop-
down list lists every address group created for use with
the Firebox Vclass appliance.
6
When you are finished, click Done.
The new member name is displayed in the Address Group
Members list of the New Address Group dialog box.
7
Repeat this process until you have defined all the
required members.
8
After you have added all the required group members,
click Done to close the New Address Group dialog
box.
When the Insert New Policy dialog box reappears, the Source or
Destination drop-down list automatically displays the newly
created address group.
You can nest address groups as "members" within other
address groups, as suggested by the Address Group drop-
down list in the New Address Group Member dialog box. This
does require, however, the creation of each group before you
can do so. For example, you could create an address group
representing employee departments or employees within a
subnet, then, in a separate process, create a master address
group, "Employees," that contains, as members, all the
other staff address groups.

Defining a service

The service component of a traffic specification enables
you to designate one or more network protocols that will
be used by the source device for a particular data stream.
Your service selection will be a service group, which can
consist of any combination of the following attributes:
• A single service for a particular type of data traffic,
which includes a single protocol and port number.
• A range of port numbers used by a single service or
application.
182
N
OTE
Vcontroller