Service Definitions
On the Definitions & Users > Service Definitions page you can centrally define and manage services and service groups. Services are definitions of certain types of network traffic and combine information about a protocol such as TCP or UDP as well as protocol-related options such as port numbers. You can use services to determine the types of traffic accepted or denied by Sophos UTM on AWS.
Tip – When you click on the Info icon of a service definition in the Service Definitions list, you can see all configuration options in which the service definition is used.
To create a service definition, proceed as follows:
-
On the Service Definitions page, click New Service Definition.
The Add Service Definition dialog box opens.
-
Specify the following settings:
(Note that further parameters of the service definition will be displayed depending on the selected definition type.)
Name: Enter a descriptive name for this definition.
Type of definition: Select the definition type. The following types are available:
-
TCP: Transmission Control Protocol (TCP) connections use port numbers ranging from 0 to 65535. Lost packets can be recognized through TCP and be requested again. In a TCP connection, the receiver notifies the sender when a data packet was successfully received (connection related protocol). TCP sessions begin with a three way handshake and connections are closed at the end of the session. Provide the following information:
- Destination port: Enter the destination port either as single port number (e.g., 80) or as a range (e.g., 1024:64000), using a colon as delimiter.
- Source port: Enter the source port either as single port number (e.g., 80) or as a range (e.g., 1024:64000), using a colon as delimiter.
- UDP: The User Datagram Protocol (UDP) uses port numbers between 0 and 65535 and is a stateless protocol. Because it does not keep state, UDP is faster than TCP, especially when sending small amounts of data. This statelessness, however, also means that UDP cannot recognize when packets are lost or dropped. The receiving computer does not signal the sender when receiving a data packet. When you have selected UDP, the same configuration options can be edited as for TCP.
- TCP/UDP: A combination of TCP and UDP appropriate for application protocols that use both sub protocols such as DNS. When you have selected TCP/UDP, the same configuration options can be edited as for TCP or UDP.
- ICMP/ICMPv6: The Internet Control Message Protocol (ICMP) is chiefly used to send error messages, indicating, for example, that a requested service is not available or that a host or router could not be reached. Once you have opted for ICMP or ICMPv6, select the ICMP code/type. Note that IPv4 firewall rules do not work with ICMPv6 and IPv6 firewall rules do not work with ICMP.
- IP: The Internet Protocol (IP) is a network and transport protocol used for exchanging data over the Internet. Once you have selected IP, provide the number of the protocol to be encapsulated within IP, for example 121 (representing the SMP protocol).
- ESP: The Encapsulating Security Payload (ESP) is a part of the IPsec tunneling protocol suite that provides encryption services for tunneled data via VPN. Once you have selected ESP or AH, provide the Security Parameters Index (SPI), which identifies the security parameters in combination with the IP address. You can either enter a value between 256 and 4,294,967,296 or keep the default setting given as the range from 256 to 4,294,967,296 (using a colon as delimiter), especially when using automatic IPsec key exchange. Note that the numbers 1-255 are reserved by the Internet Assigned Numbers Authority (IANA).
- AH: The Authentication Header (AH) is a part of the IPsec tunneling protocol suite and sits between the IP header and datagram payload to maintain information integrity, but not secrecy.
- Group: A container that includes a list of other service definitions. You can use them to bundle service definitions for better readability of your configuration. Once you have selected Group, the Members box opens where you can add group members (i.e., other service definitions).
Comment (optional): Add a description or other information.
-
-
Click Save.
The new definition appears on the Service Definitions list.
To either edit or delete a definition, click the corresponding buttons.
Note – The type of definition cannot be changed afterwards. If you want to change the type of definition, you must delete the service definition and create a new one with the desired settings.