# diagnose internet-service id | grep Google-Gmail
ID: 65646 name: "Google-Gmail"
FGT (global) #

2) Define the IP address range '10.10.10.0-10.10.10.0' using a firewall address object.
# config firewall address
edit "ISDB-Range-1"
set type iprange
set start-ip 10.10.10.0
set end-ip 10.10.10.0
next
end

3) Extend the 'Google-Gmail' internet service using the 'internet-service-extension' command.
# config firewall internet-service-extension
edit 65646
set comment ''
# config entry
edit 1
set protocol 6
# config port-range
edit 1
set start-port 8080
set end-port 8081
next
end
set dst "ISDB-Range-1"
next
end
next
end

4) Once the configuration change is applied, the following message is displayed to indicate what needs to be done to make the change effective.
# exec internet-service refresh
Internet Service database is refreshed.

6) Verify that a new entry was effectively added at the VDOM level to the predefined 'Google-Gmail' internet service.
# diagnose firewall internet-service-extension list
List internet service in kernel(custom):
name=Google-Gmail id=65646 reputation=5 Known and verified safe sites such as Gmail, Amazon, eBay, etc. singularity=0 flags=0x0 protocol=6 port=8080-8081
addr ip range(1): 10.10.10.0-10.10.10.0

7) The extended 'Google-Gmail' internet service can be referenced in a VDOM-level firewall policy with the following commands.
# config firewall policy
edit 1
…
set internet-service enable
set internet-service-id 65646
…
next
end

Removing an IP address / port range from a predefined Internet Service entry.
The GUI disabling of IP address range '1.1.1.0-1.1.1.0' from the 'Google-Gmail' internet service was translated by FortiOS as an internet service extension (see the 'config disable-entry' command section for internet service ID 65646).
# config firewall internet-service-extension
edit 65646
set comment ''
# config disable-entry
edit 1
set protocol 6
# config port-range
edit 1
set start-port 25
set end-port 25
next
edit 2
set start-port 80
set end-port 80
next
edit 3
set start-port 110
set end-port 110
next
edit 4
set start-port 143
set end-port 143
next
edit 5
set start-port 443
set end-port 443
next
edit 6
set start-port 465
set end-port 465
next
edit 7
set start-port 587
set end-port 587
next
edit 8
set start-port 993
set end-port 993
next
edit 9
set start-port 995
set end-port 995
next
edit 10
set start-port 2525
set end-port 2525
next
edit 11
set start-port 5222
set end-port 5242
next
edit 12
set start-port 19305
set end-port 19309
next
end
# config ip-range
edit 1
set start-ip 1.1.1.0
set end-ip 1.1.1.0
next
end
next
edit 2
set protocol 17
# config port-range
edit 1
next
end
# config ip-range
edit 1
set start-ip 1.1.1.0
set end-ip 1.1.1.0
next
end
next
end
next
end
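
An added example (not Fortinet code and not part of the original article): a small Python parser that reads 'config firewall internet-service-extension' blocks from a configuration backup and lists, per internet service ID, what 'config entry' adds and what 'config disable-entry' removes, so changes to predefined services such as the two shown above can be reviewed. The sample input is constructed from the commands on this page, and the function names are illustrative.

```python
# Added example: summarize internet-service-extension blocks from a config backup.
ROOT = "firewall internet-service-extension"
BUCKET = {"port-range": "ports", "ip-range": "ranges"}
# Constructed sample: the commands shown on this page, disable-entry trimmed to one port.
SAMPLE = "\n".join([
    "config firewall internet-service-extension", "edit 65646", "set comment ''",
    "config entry", "edit 1", "set protocol 6",
    "config port-range", "edit 1", "set start-port 8080", "set end-port 8081", "next", "end",
    'set dst "ISDB-Range-1"', "next", "end",
    "config disable-entry", "edit 1", "set protocol 6",
    "config port-range", "edit 1", "set start-port 25", "set end-port 25", "next", "end",
    "config ip-range", "edit 1", "set start-ip 1.1.1.0", "set end-ip 1.1.1.0", "next", "end",
    "next", "end", "next", "end"])

def parse_extensions(text):
    """Map service ID -> {'entry': [rules], 'disable-entry': [rules]}."""
    stack, out, rule = [], {}, None
    for line in text.splitlines():
        tok = line.strip().lstrip("#").split()   # tolerate a leading '#' prompt
        if not tok:
            continue
        in_rule = len(stack) >= 3 and stack[0] == ROOT and stack[2] in ("entry", "disable-entry")
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))
        elif tok[0] == "edit" and len(tok) > 1:
            stack.append(tok[1].strip('"'))
            if in_rule and len(stack) == 4:      # a new entry / disable-entry rule
                rule = {"protocol": None, "ports": [], "ranges": [], "dst": []}
                svc = out.setdefault(int(stack[1]), {"entry": [], "disable-entry": []})
                svc[stack[2]].append(rule)
            elif in_rule and len(stack) == 6 and stack[4] in BUCKET:
                rule[BUCKET[stack[4]]].append([None, None])  # None = not set in the config
        elif tok[0] in ("next", "end") and stack:
            stack.pop()
        elif tok[0] == "set" and in_rule and len(tok) > 2:
            # Assumption: address object names contain no spaces.
            key, vals = tok[1], [int(v) if v.isdigit() else v.strip("\"'") for v in tok[2:]]
            if len(stack) == 4 and key in ("protocol", "dst"):
                rule[key] = vals[0] if key == "protocol" else vals
            elif len(stack) == 6 and stack[4] in BUCKET and key.split("-")[0] in ("start", "end"):
                rule[BUCKET[stack[4]]][-1][int(key.startswith("end"))] = vals[0]
    return out

def additions(ext):
    """Rules that widen a predefined service for every policy referencing its ID."""
    return [(sid, r["protocol"], r["ports"], r["dst"])
            for sid, kinds in ext.items() for r in kinds["entry"]]
```

Running 'additions(parse_extensions(backup_text))' on a backup gives the list to review first, since each item enlarges what a policy with 'set internet-service-id' for that ID will match.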
# config firewall policy
edit 1
…
set internet-service enable
set internet-service-id 65646
…
next
end

Note: