Services
Tip
Policies in BlastShield™ network may use services to add additional granularity to the access controls. A service defines a name, an IP protocol (ICMP, TCP, UDP, etc..) and one or more port numbers (multiple ports may be entered as a comma separated list or as a range). Once a service has been defined, then it can be used in a Policy.
Introduction
Services are used in Policies to limit the allowed services to only that service which is configured in the Policy. For example, if you wish to create a policy which only permits SSH traffic between two Groups, then you would add SSH as a service to that policy.
When a service is added to a policy then only packets which match that service are allowed. Packets of all other services are dropped. Services are optional in policies. If no service is added to a policy then all services are allowed in that policy.
When a Policy contains a Service, the service is shown in the Services column of the Policy Dashboard view as seen in the image below. In this Policy, only SSH traffic is allowed from the 'users' group to the 'Servers' group.
When a Policy does not contain a service definition, then all services are allowed, and this is indicated by the status 'Any' in the Services column of the Policy Dashboard view, as shown below. In this Policy, any service is allowed from the 'users' group to the 'Servers' group.
