Example: Creating A Custom Sun-Rpc Service - Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1 Administration Manual


Copyright © 2010, Juniper Networks, Inc.
FTP
HTTP
Ident
MAIL
POP3
TELNET
e. Click Add to add the services as members of the group, then click OK to save the new service group.

Example: Creating a Custom Sun-RPC Service

In this example, you create a service object called my-sunrpc-nfs to use the Sun RPC
Network File System, which is identified by two Program IDs: 100003 and 100227. Because
Sun-RPC services use dynamically negotiated ports, you cannot use regular service
objects based on fixed TCP/UDP ports to permit them in a security policy. Instead, you
must create Sun-RPC service objects using program numbers. For example, NFS uses two
program numbers: 100003 and 100227. The corresponding TCP/UDP ports are dynamic.
To permit the program numbers, you create a sun-rpc-nfs service object that contains
these two numbers. The ALG maps the program numbers into dynamically negotiated
TCP/UDP ports, and permits or denies the service based on a policy you configure.
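
The mapping described above, as an added sketch that is not part of the guide and is not Juniper's ALG code: it assumes the ports are negotiated through portmapper GETPORT exchanges (RFC 1833 over the RFC 5531 message format) and records a pinhole only when the requested program falls inside a configured Program Low/High range. The names AlgModel, ALLOWED, make_call and make_reply, and the sample messages, are constructed for illustration.

```python
import struct

PMAP_PROG, GETPORT = 100000, 3   # portmapper program and procedure (RFC 1833)
# Program Low/High pairs (Low=High for 100227 is assumed, as shown for 100003).
ALLOWED = [(100003, 100003), (100227, 100227)]

def skip_auth(buf, off):
    """Step over one opaque_auth: flavor, length, body padded to 4 bytes."""
    _flavor, length = struct.unpack_from(">II", buf, off)
    return off + 8 + ((length + 3) & ~3)

def parse_call(buf):
    """(xid, program, protocol) if buf is a portmapper GETPORT call, else None."""
    xid, mtype, rpcvers, prog, _vers, proc = struct.unpack_from(">6I", buf, 0)
    if (mtype, rpcvers, prog, proc) != (0, 2, PMAP_PROG, GETPORT):
        return None
    off = skip_auth(buf, skip_auth(buf, 24))      # credentials, then verifier
    wanted, _v, prot, _port = struct.unpack_from(">4I", buf, off)
    return xid, wanted, prot

def parse_reply(buf):
    """(xid, port) if buf is an accepted, successful RPC reply, else None."""
    xid, mtype, reply_stat = struct.unpack_from(">3I", buf, 0)
    if (mtype, reply_stat) != (1, 0):
        return None
    accept_stat, port = struct.unpack_from(">II", buf, skip_auth(buf, 12))
    return (xid, port) if accept_stat == 0 and port else None

class AlgModel:
    """Tracks GETPORT exchanges; opens a pinhole only for allowed programs."""
    def __init__(self, allowed):
        self.allowed, self.pending, self.pinholes = allowed, {}, set()
    def packet(self, buf):
        try:
            call, reply = parse_call(buf), parse_reply(buf)
        except struct.error:                      # truncated message: ignore
            return
        if call:
            self.pending[call[0]] = call[1:]      # remember (program, protocol)
        elif reply and reply[0] in self.pending:
            prog, prot = self.pending.pop(reply[0])
            if any(lo <= prog <= hi for lo, hi in self.allowed):
                self.pinholes.add((prot, reply[1]))

# Constructed sample messages (AUTH_NONE credentials and verifier).
def make_call(xid, prog, prot):
    return struct.pack(">14I", xid, 0, 2, PMAP_PROG, 2, GETPORT, 0, 0, 0, 0, prog, 3, prot, 0)
def make_reply(xid, port):
    return struct.pack(">7I", xid, 1, 0, 0, 0, 0, port)
```

Feeding the model a GETPORT call for program 100003 followed by its reply leaves one (protocol, port) entry in pinholes; the same exchange for a program outside the configured ranges leaves the set unchanged.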
To create the Sun-RPC service:

1. In the main navigation tree, select Object Manager > Service Objects > Custom Service Objects.
2. In the main display area, click the Add icon and select Service. The New Service dialog box appears.
3. Configure the following:
   For Name, enter my-sunrpc-nfs
   For Timeout, select Default.
   For Color, select blue.
   Enter a comment, if desired.
   Select the Sun-RPC tab.
4. Configure the first service entry. Click the Add icon to display the New Service Entry dialog box, configure the following, then click OK:
   For Program Low, enter 100003.
   For Program High, enter 100003.
5. Configure the second service entry. Click the Add icon to display the New Service Entry dialog box, configure the following, then click OK:
Chapter 8: Configuring Objects