Create custom Service elements

Create a custom Service element if you need to match a protocol or port number that is not represented by the default Service elements. You can also use a custom Service element to change the properties of a Service element.

IP-based services are used in Access rules and NAT rules. Make sure that know which underlying protocol the traffic you want to allow uses, and be aware of whether you must define a protocol number or a port number. Usually, the Services you define yourself are TCP-based or UDP-based and are identified by the port number they use. However, there are many common protocols that are not TCP-based or UDP-based (for example, ICMP and RPC) and are identified by other information.

Example: The GRE protocol is transported directly over IP as protocol number 47 - on the same layer as TCP (#6) and UDP (#17). Therefore, any custom Services created for TCP and UDP ports 47 do not allow GRE to pass the Firewall.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Configuration.
  2. Expand the Other Elements tree and select Services.
  3. Create the Service element in one of the following ways:
    • To create an element with no settings predefined, right-click the branch for the type of Service you want to create, then select New > [Service type] Service.
    • To create a Service based on some other Service element, right-click the existing Service, then select New > Duplicate.
  4. Give the new Service a unique Name and write an optional Comment.
  5. Configure the following options depending on the protocol:
    Table 1. Required options for each protocol
    Protocol Option
    TCP and UDP Dst. Ports (Optional)
    Src. Ports (Optional)
    ICMP Type
    Code (Optional)
    SUN RPC Program Number
    Version (Optional)
    Allow TCP (Optional)
    Allow UDP (Optional)
    IP Code
    IANA assigns the protocol codes. See http://⁠www.iana.org for a list.
  6. (Optional) To associate the Service with a Protocol element, click Select next to the Protocol field and select a Protocol element.
    Selecting the Protocol is mandatory if the Service is used in an Access rule that directs packets to deep inspection against the inspection rules. Some types of traffic might require a Protocol element of the type Protocol Agent.
  7. (Optional, not available for all Protocol elements) Set more options on the Protocol Parameters tab.
  8. Click OK.

UDP Service Properties dialog box

Use this dialog box to configure a custom UDP Service element.

Option Definition
General tab
Protocol Displays the Service protocol.
Name Specifies the Service name.
Comment An optional comment for your own reference.
Dst. Ports

(Optional)

Specifies the destination port or port range. To match a single port, enter it in the first field and leave the other field empty. To enter a range, enter a value in both fields.

(Either source or destination port is mandatory.)

Src. Ports

(Optional)

Specifies the source port or port range. To match a single port, enter it in the first field and leave the other field empty. To enter a range, enter a value in both fields.

(Either source or destination port is mandatory.)

Protocol Shows the assigned protocol. Click Select to select a Protocol Agent.
Category Shows the assigned category. Click Select to include the element in predefined categories.
Option Definition
Protocol Parameters tab, when Protocol is DNS or SSM DNS Proxy (UDP)
Enforce DNS protocol usage
  • On — The engine terminates traffic that is not using the DNS protocol.
  • Off — The engine allows traffic to pass even if the traffic is not DNS-related.
Deny DDNS updates
  • On — The engine terminates traffic that is not actually using the DNS protocol.
  • Off — The engine allows traffic to pass even if the traffic is not DNS-related.
Deny DNS zone transfers
  • On — The engine terminates DNS zone transfer messages.
  • Off — The engine allows DNS zone transfer messages to pass.
Enforce SafeSearch
  • On — The engine modifies DNS replies for Google search engines to enforce Google's SafeSearch feature.
  • Off — The engine does not modify DNS replies.
Option Definition
Protocol Parameters tab, when Protocol is NetBIOS
Make corresponding NAT modifications to payload
  • On — If inserted in a NAT rule, the addresses relayed in the NetBIOS communications are translated according to the NAT rule.
  • Off — Only the IP addresses in packet headers are translated if inserted in a NAT rule.
Option Definition
Protocol Parameters tab, when Protocol is Protocol Identification
SSL/TLS decryption and inspection Controls whether to decrypt SSL/TLS encryption.
  • For Application Identification — SSL/TLS traffic is decrypted for inspection only when application detection is used.
  • No — SSL/TLS traffic is not decrypted for inspection.
  • Yes — Enables SSL/TLS decryption and inspection.
HTTPS Inspection Exceptions Specifies the HTTPS Inspection Exceptions according to which traffic is decrypted and inspected or allowed to pass without decryption.

Click Select to select an HTTP Inspection Exceptions element.

Option Definition
Protocol Parameters tab, when Protocol is SIP
Allow Related Connections

(Firewall only)

  • On — Allows SIP media connections based on the signaling connection.
  • Off — Protocol Agent is disabled.
Enforce client side media
  • Yes — Requires that the media stream uses the same client-side address as the transport layer.
  • No — Media stream can use any address.
Enforce server side media
  • Yes — Requires that the media stream uses the same server-side address as the transport layer.
  • No — Media stream can use any address.
Maximum number of calls The maximum number of calls allowed by the Access rule. If the value is 0, no limit is set for the number of calls.
Option Definition
Protocol Parameters tab, when Protocol is SunRPC
Learn RPC program number to port mapping for future RPC service matches When selected, Protocol Agent is enabled.
Option Definition
Protocol Parameters tab, when Protocol is TFTP or SSM TFTP Proxy
Allow Related Connections
  • On — Allows data connections to be opened with the control connection.
  • Off — Protocol Agent is disabled.
Allow read
  • Yes — Allows file transfer from server to client (downloads).
  • No — Downloads are not allowed.
Allow write
  • Yes — Allows file transfer from client to server (uploads).
  • No — Uploads are not allowed.
Log filename and paths
  • Yes — Names of transferred files and their paths are included in generated log entries.
  • No — File and path information is not available in logs.
Option Definition
Reset Discards the changes and reverts to the previously saved default settings.

TCP Service Properties dialog box

Use this dialog box to configure a custom TCP Service element.

Option Definition
General tab
Protocol Displays the protocol.
Name The name of the element.
Comment

(Optional)

 A comment for your own reference.
Dst. Ports

(Optional)

Specifies the destination port or port range. To match a single port, enter it in the first field and leave the other field empty. To enter a range, enter a value in both fields.

(Either source or destination port is mandatory.)

Src. Ports

(Optional)

Specifies the source port or port range. To match a single port, enter it in the first field and leave the other field empty. To enter a range, enter a value in both fields.

(Either source or destination port is mandatory.)

Protocol Shows the assigned protocol. Click Select to select a Protocol Agent.
Category

(Optional)

 Includes the element in predefined categories. Click Select to select a category.
Option Definition
Protocol Parameters tab, common options
Reset Discards the changes and reverts to the previously saved default settings. Not available for all protocols.
Option Definition
Protocol Parameters tab, when Protocol is DNS or SSM DNS Proxy (TCP)
Enforce DNS protocol usage
  • On — The engine terminates traffic that is not using the DNS protocol.
  • Off — The engine allows traffic to pass even if the traffic is not DNS-related.
Deny DDNS updates
  • On — The engine terminates traffic that is not using the DNS protocol.
  • Off — The engine allows traffic to pass even if the traffic is not DNS-related.
Deny DNS zone transfers
  • On — The engine terminates DNS zone transfer messages.
  • Off — The engine allows DNS zone transfer messages to pass.
Enforce SafeSearch
  • On — The engine modifies DNS replies for Google search engines to enforce Google's SafeSearch feature.
  • Off — The engine does not modify DNS replies.
Option Definition
Protocol Parameters tab, when Protocol is FTP or SSM FTP Proxy
Allow related connections
  • On — Allows data connections to be opened with the control connection.
  • Off — Disables the Protocol Agent.
Allow active mode
  • Yes — Server is allowed to open data connections to the client (according to information exchanged in the control connection).
  • No — Server-initiated data connections are forbidden.
Allow passive mode
  • Yes — Client is allowed to open data connections to the server (according to information exchanged in the control connection).
  • No — Client-initiated data connections are forbidden.
Control data inspection mode

(Firewall only)
  • Strict — If commands that do not comply with the RFC 959 FTP standard are used, the connection is dropped.
  • Loose — The Protocol Agent tries to identify information for opening the data connection even if the communications do not strictly follow the FTP standards. Sometimes needed with non-standard FTP configurations.

Highest allowed source port for Active data connection

or

Lowest allowed source port for Active data connection

(Firewall only)

 Enter a port value to limit the range of allowed source ports for active data connections on the server.

Value 0 for the lowest port means that the server always uses the port number immediately preceding the destination port. If the server uses a standard port, both the lowest and highest port number must be 0.

Redirect to Proxy Server

(Firewall only)

Select the Proxy Server to which the connections are redirected.

Note: The recommended method for forwarding traffic to a proxy service is to use Access rules.

(Optional) Specify the IP Address Translation Range (IPv4 only) and the Port Translation Range for the redirection. To specify a single IP address, enter the same IP address in both fields.

Note: This option is not supported for SSM Proxies.
Option Definition
Protocol Parameters tab, when Protocol is HTTP or HTTPS
Logging of Accessed URLs
  • Yes — The URLs of sites that users access are included in generated log entries.
    Note: With HTTPS traffic, requires that the traffic is decrypted.
  • No — URLs are not included in generated log entries.
Optimized server stream fingerprinting
  • Yes — When matching connections to the Inspection rules, the server stream matching is done only for patterns that are valid for the client’s browser type and version.
  • No — All server stream patterns are matched.
Enforce SafeSearch
  • On — The engine modifies DNS replies for Google search engines to enforce Google's SafeSearch feature.
  • Off — The engine does not modify DNS replies.
HTTPS decryption and inspection

(HTTPS only)

Controls whether to decrypt HTTPS traffic.
  • For Application Identification — HTTPS traffic is decrypted for inspection only when application detection is used.
  • Yes — Enables HTTPS decryption and inspection.
  • No — HTTPS traffic is not decrypted for inspection.
HTTPS Inspection Exceptions

(HTTPS only)

Specifies the HTTPS Inspection Exceptions according to which traffic is decrypted and inspected or allowed to pass without decryption.

Click Select to select an HTTP Inspection Exceptions element.
(Firewall only)  
Redirect to Proxy Server

(Firewall only)

Select the Proxy Server to which the connections are redirected.

Note: The recommended method for forwarding traffic to a proxy service is to use Access rules.

(Optional) Specify the IP Address Translation Range (IPv4 only) and the Port Translation Range for the redirection. To specify a single IP address, enter the same IP address in both fields.

Note: This option is not supported for SSM Proxies.
Option Definition
Protocol Parameters tab, when Protocol is HTTP with SSM HTTP Proxy
Logging of Accessed URLs
  • Yes — The URLs of sites that users access are included in generated log entries.
    Note: With HTTPS traffic, requires that the traffic is decrypted.
  • No — URLs are not included in generated log entries.
Optimized server stream fingerprinting
  • Yes — When matching connections to the Inspection rules, the server stream matching is done only for patterns that are valid for the client’s browser type and version.
  • No — All server stream patterns are matched.
Redirect to Proxy Server This option is not supported for SSM Proxies.
Enforce SafeSearch
  • On — The engine modifies DNS replies for Google search engines to enforce Google's SafeSearch feature.
  • Off — The engine does not modify DNS replies.
Enforce Strict Headers When selected, the proxy blocks HTTP requests and responses that do not comply with the HTTP protocol standards.
Log URLs When selected, the proxy logs the URLs in HTTP requests.
Request Validation When selected, the proxy validates HTTP requests. Selecting this option enables options in the following sections:
  • URL Control Options
  • URL Matches
  • Commands
URL Control Options section Specifies options for validation of URLs.
Disallow Unicode in URL Paths When selected, unicode-encoded text is not allowed in URL paths.
Disallow Unicode URL Queries When selected, unicode-encoded text is not allowed in query strings in URLs.
Enforce Strict URL Paths When selected, the proxy blocks URL paths that contain characters that are not allowed by the HTTP protocol standards.
Enforce Strict URL Queries When selected, the proxy blocks queries that contain characters that are not allowed by the HTTP protocol standards.
URL Normalization Validation Specifies how URL normalization is applied to HTTP requests.
  • Allow — Allows the request.
  • Allow and Log — Allows the request and creates a log entry.
  • Block and Log — Blocks the request and creates a log entry.
  • Off — URL normalization is not enabled.
Maximum URL Length Specifies the maximum number of characters allowed in URLs.
Require HTTP Version When selected, the proxy requires the HTTP request to include an HTTP version string. Selecting this option enables the following options:
  • Allow HTTP version 1.0
  • Allow HTTP version 1.1
Allow HTTP version 1.0 When selected, the proxy allows HTTP requests that specify HTTP version 1.0 as the version string.
Allow HTTP version 1.1 When selected, the proxy allows HTTP requests that specify HTTP version 1.1 as the version string.
URL Matches section Specifies rules for allowing or denying matching URLs.
Allow or Deny Specified URL Matches Specifies whether matching URLs are allowed or denied.
  • Allow — Matching URLs are allowed.
  • Deny — Matching URLs are denied.
URL Match List Specifies the criteria for matching URLs.
Match Type Specifies how the proxy matches the match criteria in the URL.
  • Contains — Matches when the URL contains the specified criteria.
  • Begins with — Matches when the URL begins with the specified criteria.
  • Ends with — Matches when the URL ends with the specified criteria.
Match Parameter Specifies the part of the URL where the proxy checks for the match criteria.
  • Host — The proxy checks the domain name for the match criteria.
  • Path — The proxy checks the URL path for the match criteria.
  • All — The proxy checks both the host and the path for the match criteria.
URL The matching criteria for the URL.
Add Adds a row to the table.
Remove Removes the selected row from the table.
Commands section Specifies the commands that the proxy allows in HTTP requests.
Allowed HTTP Commands
  • Any — The proxy allows any commands in HTTP requests.
  • Selected from List — The proxy allows only the selected commands in HTTP requests.
Content Control Specifies options for allowing or denying content in HTTP requests.
Deny SOAP When selected, the proxy denies the use of simple object access protocol (SOAP) in HTTP requests.
Option Definition
Protocol Parameters tab, when Protocol is HTTP with SSM TCP Proxy or HTTPS with SSM TCP Proxy
Logging of Accessed URLs
  • Yes — The URLs of sites that users access are included in generated log entries.
    Note: With HTTPS traffic, requires that the traffic is decrypted.
  • No — URLs are not included in generated log entries.
Optimized server stream fingerprinting
  • Yes — When matching connections to the Inspection rules, the server stream matching is done only for patterns that are valid for the client’s browser type and version.
  • No — All server stream patterns are matched.
Redirect to Proxy Server

(Firewall only)

Select the Proxy Server to which the connections are redirected.

Note: The recommended method for forwarding traffic to a proxy service is to use Access rules.

(Optional) Specify the IP Address Translation Range (IPv4 only) and the Port Translation Range for the redirection. To specify a single IP address, enter the same IP address in both fields.

Note: This option is not supported for SSM Proxies.
Enforce SafeSearch
  • On — The engine modifies DNS replies for Google search engines to enforce Google's SafeSearch feature.
  • Off — The engine does not modify DNS replies.
HTTPS decryption and inspection

(HTTPS only)

Controls whether to decrypt HTTPS traffic.
  • For Application Identification — HTTPS traffic is decrypted for inspection only when application detection is used.
  • Yes — Enables HTTPS decryption and inspection.
  • No — HTTPS traffic is not decrypted for inspection.
HTTPS Inspection Exceptions

(HTTPS only)

Specifies the HTTPS Inspection Exceptions according to which traffic is decrypted and inspected or allowed to pass without decryption.

Click Select to select an HTTP Inspection Exceptions element.
Option Definition
Protocol Parameters tab, when Protocol is H232
Allow related connections
  • On — The Protocol Agent monitors the H.323 connection and allows the related connections in Access and NAT rules.
  • Off — Disables the Protocol Agent.
Allow special logical channels through (No NAT)
  • Yes — Allows H.323 clients to open a special logical channel for audio and video without NAT.
  • No — Special logical channels are not allowed.
Option Definition
Protocol Parameters tab, when Protocol is IMAPS
IMAPS decryption and inspection Controls whether to decrypt SSL/TLS encryption.
  • For Application Identification — SSL/TLS traffic is decrypted for inspection only when application detection is used.
  • No — SSL/TLS traffic is not decrypted for inspection.
  • Yes — Enables SSL/TLS decryption and inspection.
IMAPS Inspection Exceptions Specifies the HTTPS Inspection Exceptions according to which traffic is decrypted and inspected or allowed to pass without decryption. Click Select to select an HTTP Inspection Exceptions element.
Option Definition
Protocol Parameters tab, when Protocol is MSRPC
Allow related connections
  • On — Allows responses sent by the endpoint mapper (EPM) service.
  • Off — Disables the Protocol Agent.
Allow MS Exchange Remote administration service
  • Yes — Allows remote administration of the Microsoft Exchange server through the Exchange System Attendant service.
  • No — Prevents remote administration.
Allow MS Exchange user services
  • Yes — Allows the normal use of the Microsoft Outlook client; the Protocol Agent allows the use of Exchange Database service, Directory service, Information Store service, MTA service, and Store service.
  • No — Prevents end-user services.
Allow any UUID in endpoint mapping
  • Yes — Allows other MSRPC requests in addition to Outlook/Exchange.
  • No — The Service allows only Outlook/Exchange traffic.
Allow other RPC traffic
  • Yes — Allows message types that are not supported by the Protocol Agent to bypass the control connection.
  • No — Allows only supported message types (bind, bind ack, request, and response).
Option Definition
Protocol Parameters tab, when Protocol is Oracle
Allow related connections
  • On — Allows database connection based on information in the listener connection.
  • Off — Disables the Protocol Agent.
Max. length allowed for one TNS packet Enter the maximum amount of TCP payload data that each Oracle TNS packet is allowed to carry.
Netmask for allowed server addresses Enter a netmask for limiting the allowed traffic. The value 255.255.255.255 allows the database connection only to the address in which the Oracle Listener service is located. The value 0.0.0.0 allows database connections to all addresses.
Set checksum to zero for modified TNS packets
  • Yes — Resets the header and packet checksums to zero when the Protocol Agent modifies the packet payload data.
  • No — Checksums remain even when the packet is changed.
Option Definition
Protocol Parameters tab, when Protocol is POP3S
POP3S decryption and inspection Controls whether to decrypt SSL/TLS encryption.
  • For Application Identification — SSL/TLS traffic is decrypted for inspection only when application detection is used.
  • No — SSL/TLS traffic is not decrypted for inspection.
  • Yes — Enables SSL/TLS decryption and inspection.
POP3S Inspection Exceptions Specifies the HTTPS Inspection Exceptions according to which traffic is decrypted and inspected or allowed to pass without decryption. Click Select to select an HTTP Inspection Exceptions element.
Option Definition
Protocol Parameters tab, when Protocol is Protocol Identification
SSL/TLS decryption and inspection Controls whether to decrypt SSL/TLS encryption.
  • For Application Identification — SSL/TLS traffic is decrypted for inspection only when application detection is used.
  • No — SSL/TLS traffic is not decrypted for inspection.
  • Yes — Enables SSL/TLS decryption and inspection.
HTTPS Inspection Exceptions Specifies the HTTPS Inspection Exceptions according to which traffic is decrypted and inspected or allowed to pass without decryption.
Option Definition
Protocol Parameters tab, when Protocol is RTSP
Allow related connections
  • On — Related RTP and RTCP connections initiated with RTSP are allowed through the engine.
  • Off — Disables the Protocol Agent.
Option Definition
Protocol Parameters tab, when Protocol is Shell
Allow related connections
  • On — Standard error (stderr) stream is allowed through the firewall as a response to an RSH command.
  • Off — Disables the Protocol Agent.
Option Definition
Protocol Parameters tab, when Protocol is SIP
Allow related connections

(Firewall only)

  • On — Allows SIP media connections based on the signaling connection.
  • Off — Disables the Protocol Agent.
Enforce client side media
  • Yes — Requires that the media stream uses the same client-side address as the transport layer.
  • No — Media stream can use any address.
Enforce server side media
  • Yes — Requires that the media stream uses the same server-side address as the transport layer.
  • No — Media stream can use any address.
Maximum number of calls The maximum number of calls allowed by the Access rule. If the value is 0, no limit is set for the number of calls.
Option Definition
Protocol Parameters tab, when Protocol is SMTP
Redirect to Proxy Server

(Firewall only)

Select the Proxy Server to which the connections are redirected.

Note: The recommended method for forwarding traffic to a proxy service is to use Access rules.

(Optional) Specify the IP Address Translation Range (IPv4 only) and the Port Translation Range for the redirection. To specify a single IP address, enter the same IP address in both fields.

Note: This option is not supported for SSM Proxies.
Option Definition
Protocol Parameters tab, when Protocol is SSH or SSH with SSM TCP Proxy
Make protocol validation
  • On — Validates the SSH transfers according to the parameters defined in this dialog.
  • Off — Disables the Protocol Agent.
Bytes allowed from client before Server ID Amount of data that the client is allowed to send to the server before the server sends its own identification string.
Bytes allowed from server before Client ID Amount of data that the server can send to the client before the client sends its own identification string.
Bytes allowed from server before Server ID Amount of data that the server can send to the client before the server sends its own identification string.
Option Definition
Protocol Parameters tab, when Protocol is SunRPC
Learn RPC program number to port mapping for future RPC service matches When selected, Protocol Agent is enabled.
Option Definition
Protocol Parameters tab, when Protocol is TCP Proxy
Abort on close Timeout in seconds for aborting a connection counted from when one of the communicating parties initiates the connection closing. The connection is aborted by sending TCP Reset packets to the unresponsive endpoint. Setting this value to 0 disables this timeout (connections are left open).
Idle timeout Timeout in seconds for closing a connection after the latest transmission. Setting this value to 0 disables this timeout (connections are left open).
Use proxy
  • On — Enables the Protocol Agent.
  • Off — Disables the Protocol Agent.

IP-proto Service Properties dialog box

Use this dialog box to configure a custom IP-proto Service element.

Option Definition
General tab
Protocol Displays the Service protocol.
Name Specifies the Service name.
Comment An optional comment for your own reference.
Protocol Number Specifies the Service protocol number.
Protocol Shows the assigned protocol.
Select Opens the Protocol Agent dialog box.
Category Shows the assigned category.
Select Opens the Category Selection for New Element dialog box.
Option Definition
Protocol Parameters tab, when Protocol is GRE
Apply Tunnel Rematch
  • On — Rematches the encapsulated payload inside the tunneling packet until the maximum rematch count defined in the engine properties is reached.
  • Off — Does not rematch encapsulated payload.
Tunnel IPv4 protocol
  • On — Allows tunneling over IPv4.
  • Off — Stops connections that are tunneled over IPv4.
Tunnel IPv6 protocol
  • On — Allows tunneling over IPv6.
  • Off — Stops connections that are tunneled over IPv6.
Option Definition
Protocol Parameters tab, when Protocol is IPv4 Encapsulation
Apply Tunnel Rematch
  • On — Rematches the encapsulated IPv4 payload inside the IPv6 tunneling packet until the maximum rematch count defined in the engine properties is reached.
  • Off — Does not rematch encapsulated payload.
Next Ethernet Type For information only. Shows the Ethernet frame type used for examining the encapsulated packet.
Option Definition
Protocol Parameters tab, when Protocol is IPv6 Encapsulation
Apply Tunnel Rematch
  • On — Rematches the encapsulated IPv6 payload inside the IPv6 tunneling packet until the maximum rematch count defined in the engine properties is reached.
  • Off — Does not rematch encapsulated payload.
Next Ethernet Type For information only. Shows the Ethernet frame type used for examining the encapsulated packet.
Option Definition
Reset Discards the changes and reverts to the previously saved default settings.

SUN-RPC Service Properties dialog box

Use this dialog box to define the properties of a SUN-RPC Service.

Option Definition
Protocol Displays the Service protocol.
Name Specifies the Service name.
Comment An optional comment for your own reference.
Program Number Specifies the program number.
Version

(Optional)

Specifies the remote program version number. If you do not enter a program version, the element matches traffic of any version.
TCP Traffic Allowed

(Optional)

Allows the RPC message when transported over TCP.
UDP Traffic Allowed

(Optional)

Allows the RPC message when transported over UDP.
Category Shows the assigned category.
Select Opens the Category Selection for New Element dialog box.

ICMP Service Properties dialog box

Use this dialog box to configure an ICMP Service.

Option Definition
Protocol Displays the Service protocol.
Name Specifies the Service name.
Comment An optional comment for your own reference.
Type Specifies the ICMP type number that the traffic uses.
Code

(Optional)

Specifies the ICMP code that the traffic uses. If the Code field is empty, the Service matches traffic regardless of the ICMP code. If you enter 0 as the code, the Service matches only packets that contain no ICMP code.
Category Shows the assigned category.
Select Opens the Category Selection for New Element dialog box.

ICMPv6 Service Properties dialog box

Use this dialog box to define the properties of an ICMPv6 Service.

Option Definition
Protocol Displays the Service protocol.
Name Specifies the Service name.
Comment An optional comment for your own reference.
Type Specifies the ICMP type number that the traffic uses.
Code

(Optional)

Specifies the ICMP code that the traffic uses. If the Code field is empty, the Service matches traffic regardless of the ICMP code. If you enter 0 as the code, the Service matches only packets that contain no ICMP code.
Category Shows the assigned category.
Select Opens the Category Selection for New Element dialog box.