Updated on 2024-12-18 GMT+08:00

Adding a User-defined Service Group

A service group is a collection of services (protocols, source ports, and destination ports). A service group frees you from repeatedly modifying access rules and simplifies security group rule management.

Constraints

  • A service group can have up to 64 services.
  • A firewall instance can have up to 512 service groups.
  • A firewall instance can have up to 900 services.

Adding a User-defined Service Group

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. In the navigation pane on the left, click and choose Security & Compliance > Cloud Firewall. The Dashboard page will be displayed.
  4. (Optional) Switch firewall instance: Select a firewall from the drop-down list in the upper left corner of the page.
  5. In the navigation pane, choose Access Control > Object Groups.
  6. Click the Service Groups tab. Click Add Service Group and configure parameters in the Add Service Group area. Enter the service group name and description.

    Table 1 Service group parameters

    Parameter

    Description

    Service Group Name

    Name of a service group

    Description

    Usage and application scenario

    Services

    • Protocol: Select a protocol. Supported protocols include TCP, UDP, and ICMP.
    • Source Port: Set the source port to be allowed or blocked. You can configure a single port or consecutive port groups (example: 80-443).
    • Destination Port: Set the destination port to be allowed or blocked. You can configure a single port or consecutive port groups (example: 80-443).
    • Description: Usage and application scenario of the service group

  7. Confirm the information and click OK.

Adding a Service to a User-defined Service Group

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. In the navigation pane on the left, click and choose Security & Compliance > Cloud Firewall. The Dashboard page will be displayed.
  4. (Optional) Switch firewall instance: Select a firewall from the drop-down list in the upper left corner of the page.
  5. In the navigation pane, choose Access Control > Object Groups.
  6. Click the Service Groups tab. Click the name of a service group. The Service Group Details dialog box is displayed..
  7. Click Add Service.

    Table 2 Adding a service

    Parameter

    Description

    Example Value

    Protocol

    Its value can be TCP, UDP, or ICMP.

    TCP

    Source Port

    Source ports to be allowed or blocked. You can configure a single port or consecutive port groups (example: 80-443).

    NOTE:

    If Protocol is set to ICMP, you do not need to specify any port number.

    80

    Destination Port

    Destination ports to be allowed or blocked. You can configure a single port or consecutive port groups (example: 80-443).

    NOTE:

    If Protocol is set to ICMP, you do not need to specify any port number.

    80

    Description

    Usage and application scenario

    -

  8. You can click Add to add multiple services.
  9. Confirm the information and click OK.

Related Operations

  • Exporting service groups: Click Export above the list and select a data range.
  • Deleting services in batches: On the Service Groups tab, select services and click Delete above the list.

Follow-up Operations

A service group takes effect only after it is set in a protection rule. For more information, see Adding Protection Rules to Block or Allow Traffic.