Creating Custom Services - Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1 Administration Manual

Network and Security Manager Administration Guide

Creating Custom Services

permit or deny a Sun-RPC request by specific program number, include that service
(or create a custom service) in the rule.

For MS-RPC services, the MS-RPC tab displays the Microsoft universal unique identifiers (UUIDs). Microsoft Remote Procedure Call (MS-RPC) is the Microsoft implementation of the Distributed Computing Environment (DCE) RPC. Like the Sun-RPC, MS-RPC enables a program running on one host to call procedures in a program running on another host. Because of the large number of RPC services and the need to broadcast, the transport address of an RPC service is dynamically negotiated based on the service program's Universal Unique IDentifier (UUID).

NSM and security devices support 27 MS-RPC predefined services and 3 MS-RPC predefined service groups. To permit or deny all MS-RPC requests, include the MS-RPC-Any service in a firewall or IDP rule; to permit or deny an MS-RPC request by specific UUID, include that service (or create a custom service) in the rule.

You can view details for a predefined service object, but you cannot edit that service object.

You can create custom service objects to represent protocols that are not included in the predefined services or to meet the unique needs of your network.

NOTE: Sun-RPC protocols and regular TCP/UDP/ICMP protocols cannot be in the same service object. MS-RPC protocols and regular TCP/UDP/ICMP protocols cannot be in the same service object.

To add a service object, in the Object Manager, select Service Objects > Custom Service Objects. In the main display area, click the Add icon and select Service to display the New Service dialog box. Configure the following parameters:

Name—Enter a name for the service.
Timeout—Select the session timeout after which an inactive session is removed.
    Never. The session does not time out.
    Default. Use the default timeout for the selected protocol. The default timeout for TCP connections is 30 minutes. The default timeout for UDP connections is 1 minute.
    User-defined. Enter a session timeout value. The maximum timeout value for TCP and UDP connections is 2160 minutes.
Color—Select a color to represent this service object in the NSM UI.
Comment—Add a comment, if desired.

Add the service entry:
Copyright © 2010, Juniper Networks, Inc.
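
The constraints above (no mixing of Sun-RPC or MS-RPC with TCP/UDP/ICMP in one object, MS-RPC matched by UUID, the 2160-minute ceiling for TCP and UDP) can be checked on a planned custom service before it is entered in the New Service dialog box. The following is an added example, not part of the guide and not an NSM interface. The dictionary layout, the function name and the one-minute lower bound on user-defined timeouts are assumptions made for illustration.

```python
import uuid

REGULAR = {"tcp", "udp", "icmp"}
RPC = {"sun-rpc", "ms-rpc"}
MAX_TIMEOUT_MIN = 2160  # maximum the guide states for TCP and UDP


def check_service(svc):
    """Return the problems found in a planned custom service object.

    `svc` is a hypothetical dict layout used only for this example."""
    problems = []
    entries = svc.get("entries", [])
    protos = {str(e.get("protocol", "")).lower() for e in entries}
    if not svc.get("name"):
        problems.append("name is required")
    for p in sorted(protos - REGULAR - RPC):
        problems.append(f"unknown protocol: {p!r}")
    # Guide NOTE: RPC entries cannot share an object with TCP/UDP/ICMP.
    if protos & REGULAR:
        for rpc in sorted(protos & RPC):
            problems.append(f"{rpc} entries mixed with TCP/UDP/ICMP entries")
    # MS-RPC services are identified by UUID, so each one must parse.
    for e in entries:
        if str(e.get("protocol", "")).lower() == "ms-rpc":
            try:
                uuid.UUID(str(e.get("uuid") or ""))
            except ValueError:
                problems.append(f"invalid MS-RPC UUID: {e.get('uuid')!r}")
    # Timeout: "never", "default", or user-defined minutes (>= 1 is assumed).
    timeout = svc.get("timeout", "default")
    if timeout not in ("never", "default"):
        if isinstance(timeout, bool) or not isinstance(timeout, int) or timeout < 1:
            problems.append(f"timeout must be whole minutes >= 1: {timeout!r}")
        elif protos & {"tcp", "udp"} and timeout > MAX_TIMEOUT_MIN:
            problems.append(f"timeout {timeout} exceeds {MAX_TIMEOUT_MIN} minutes")
    return problems


# Constructed sample objects (not taken from any real NSM configuration).
GOOD = {"name": "app-rpc", "timeout": "default", "entries": [
    {"protocol": "ms-rpc", "uuid": "00000000-0000-0000-0000-000000000001"}]}
BAD = {"name": "mixed", "timeout": 4320, "entries": [
    {"protocol": "tcp", "dst_port": 8443},
    {"protocol": "ms-rpc", "uuid": "not-a-uuid"}]}

if __name__ == "__main__":
    for svc in (GOOD, BAD):
        print(svc["name"], check_service(svc) or "ok")
```

The check treats a Sun-RPC entry alongside an MS-RPC entry as acceptable, because the NOTE above only rules out combining either of them with TCP/UDP/ICMP.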
