Help Center/ Cloud Firewall/ User Guide/ Configuring Access Control Policies to Control Traffic/ Service Group Management/ Adding a User-defined Service Group
Updated on 2024-11-04 GMT+08:00
View PDF

Adding a User-defined Service Group

A service group is a collection of services (protocols, source ports, and destination ports). A service group frees you from repeatedly modifying access rules and simplifies security group rule management.

Constraints

  • A service group can have up to 64 services.
  • A firewall instance can have up to 512 service groups.
  • A firewall instance can have up to 900 services.

Adding a User-defined Service Group

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. In the navigation pane on the left, click and choose Security & Compliance > Cloud Firewall. The Dashboard page will be displayed.
  4. (Optional) If the current account has only one firewall instance, the firewall details page is displayed. If there are multiple firewall instances, click View in the Operation column of a firewall to go to its details page.
  5. In the navigation pane, choose Access Control > Object Groups.
  6. Click the Service Groups tab. Click Add Service Group and configure parameters in the Add Service Group area. Enter the service group name and description.

    Table 1 Service group parameters

    Parameter

    Description

    Service Group Name

    Name of a service group

    Description

    Usage and application scenario

    Services
    • Protocol: Select a protocol. Supported protocols include TCP, UDP, and ICMP.
    • Source Port: Set the source port to be allowed or blocked. You can configure a single port or consecutive port groups (example: 80-443).
    • Destination Port: Set the destination port to be allowed or blocked. You can configure a single port or consecutive port groups (example: 80-443).
    • Description: Usage and application scenario of the service group

  7. Confirm the information and click OK.

Adding a Service to a User-defined Service Group

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. In the navigation pane on the left, click and choose Security & Compliance > Cloud Firewall. The Dashboard page will be displayed.
  4. (Optional) If the current account has only one firewall instance, the firewall details page is displayed. If there are multiple firewall instances, click View in the Operation column of a firewall to go to its details page.
  5. In the navigation pane, choose Access Control > Object Groups.
  6. Click the Service Groups tab. Click the name of a service group. The Service Group Details dialog box is displayed..
  7. Click Add Service.

    Table 2 Adding a service

    Parameter

    Description

    Example Value

    Protocol

    Its value can be TCP, UDP, or ICMP.

    TCP

    Source Port

    Source ports to be allowed or blocked. You can configure a single port or consecutive port groups (example: 80-443).

    NOTE:

    If Protocol is set to ICMP, you do not need to specify any port number.

    80

    Destination Port

    Destination ports to be allowed or blocked. You can configure a single port or consecutive port groups (example: 80-443).

    NOTE:

    If Protocol is set to ICMP, you do not need to specify any port number.

    80

    Description

    Usage and application scenario

    -

  8. You can click Add to add multiple services.
  9. Confirm the information and click OK.

Related Operations

  • Exporting service groups: Click Export above the list and select a data range.
  • Deleting services in batches: On the Service Groups tab, select services and click Delete above the list.

Follow-up Operations

A service group takes effect only after it is set in a protection rule. For more information, see Adding Protection Rules to Block or Allow Traffic.

Parent Topic: Service Group Management