Skip to content
The XG Series hardware appliances will reach end-of-life (EOL) on March 31, 2025. Click here to see the XG to XGS migration documentation.

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/nsg/sophos-firewall/21.0/Help/en-us/webhelp/onlinehelp/index.html?contextId=CLI-system-service-param

service-param

Sophos Firewall inspects all HTTP, HTTPS, FTP, SMTP/S, POP, and IMAP traffic on the standard ports by default. You can use the service-param command to turn on inspection of traffic sent over non-standard ports.

To allow inspection of traffic on non-standard ports for a specific protocol use the add port option and specify the port number and ID. This works for all services available within the service-param command list.

There are more options available for HTTPS, SMTP, and SMTPS.

Command

set service-param

Syntax

set service-param
FTP [add | delete] [port] {portID}
HTTP [add | delete] [port] {portID}
IMAP [add | delete] [port] {portID}
IM_MSN [add | delete] [port] {portID}
IM_YAHOO [add | delete] [port] [port number]
POP [add | delete] [port] {portID}
HTTPS [add | delete] [port] {portID} [deny_unknown_proto] [on | off] [invalid-certificate] [allow | block]
SMTP [add | delete] [port] {portID} [failure_notification] [on | off] [fast-isp-mode] [on | off] [notification-port] [add] [port] {portID} [strict-protocol-check] [on | off]
SMTPS [add | delete] [port] {portID} [invalid-certificate] [allow | block]`

Options

FTP [add | delete] [port] {portID}

To turn on traffic inspection for FTP on a non-standard port, use the add option and specify the port number and ID.

HTTP [add | delete] [port] {portID}

To turn on traffic inspection for HTTP on a non-standard port, use the add option and specify the port number and ID.

IMAP [add | delete] [port] {portID}

To turn on traffic inspection for IMAP on a non-standard port, use the add option and specify the port number and ID.

IM_MSN [add | delete] [port] {portID}

To turn on traffic inspection for IM_MSN on a non-standard port, use the add option and specify the port number and ID.

IM_YAHOO [add | delete] [port] [port number]

To turn on traffic inspection for IM_MSN on a non-standard port, use the add option and specify the port number and ID.

POP [add | delete] [port] {portID}

To turn on traffic inspection for POP on a non-standard port, use the add option and specify the port number and ID.

HTTPS [add | delete] [port] {portID} [deny_unknown_proto] [on | off] [invalid-certificate] [allow | block]

To turn on traffic inspection for HTTPS on a non-standard port, use the add option and specify the port number and ID.

SMTP [add | delete] [port] {portID} [failure_notification] [on | off] [fast-isp-mode] [on | off] [notification-port] [add] [port] {portID} [strict-protocol-check] [on | off]

To turn on traffic inspection for SMTP on a non-standard port, use the add option and specify the port number and ID.

SMTPS [add | delete] [port] {portID} [invalid-certificate] [allow | block]

To turn on traffic inspection for SMTPS on a non-standard port, use the add option and specify the port number and ID.