Create Ethernet Service elements
Create a custom Ethernet Service element if you need to match Ethernet-level traffic that is not represented by the default Ethernet Service elements. You can also use a custom Ethernet Service element to change the properties of an Ethernet Service element.
There are predefined Ethernet Service elements that correspond to commonly used Ethernet services. You can use the predefined Ethernet Services if they meet your needs.
CAUTION:
Match any IP traffic you allow in Ethernet rules to the default IPv4 and IPv6 Services. These Services match the
traffic using the correct Protocol element. Only IP traffic matched to the correct Protocol element is inspected further against the
Access rules. Non-IP traffic is never inspected any further.
Ethernet Services are used in IPS Policies, Layer 2 Firewall Policies, and Layer 2 Interface Policies.
For more details about the product and how to configure features, click Help or press F1.
Steps
Ethernet Service Properties dialog box
Use this dialog box to define Ethernet Service properties.
Option | Definition |
---|---|
Protocol | Not editable. Present in the default IPv4 or IPv6 services to direct traffic to further filtering and inspection. Not present in any custom Service elements that you create. |
Name | Specifies a unique name for the Service. |
Comment | An optional comment for your reference. |
Ethernet 2 (DIX) | Enter the EtherType code of the protocol that the traffic uses. |
Type | The EtherType code of the protocol that the traffic uses. |
Raw IPX (Novell) | Matches IPX (internetwork packet exchange) traffic. |
LLC | LLC (logical link control protocol) options. |
SSAP | The SSAP (source service access point) address that the traffic uses. |
DSAP | The DSAP (destination service access point) address that the traffic uses. |
SNAP | SNAP (subnetwork access protocol) options. |
Vendor | The OUI (organizational unique identifier) that the traffic uses. |
Type | The type that the traffic uses. |
Protocol | Not editable. Present in the default IPv4 or IPv6 services to direct traffic to further filtering and inspection. Not present in any custom Service elements that you create. |
Select | Select the Ethernet-level protocol and enter the details depending on the protocol. |
Category | Shows the assigned category. |
Select | Opens the Category Selection dialog box. |