Network Security Manager Reports and Analytics


Adding a Service Rule

Service rules and application rules are set in the same configuration, but can be deployed independently.

To add a service rule:

  1. Select the service under SERVICE SELECTION in one of the following ways:

    • Select a predefined service object from the Services drop-down menu.

    • Create a new Service Object.

      1. Enter the Service Object details.

        Name: Enter a name to identify the service object.
        Protocol: Choose from the predefined protocol list, or choose Custom and enter the custom protocol in the field.
        Port Range: Enter the port range values. The port range is selected by default for some of the predefined protocols.
        Sub Type: Choose a Sub Type from the drop-down menu. This field is available only for selected protocols.
      2. Click Save.
  2. Select the SLA Criteria. Do one of the following:

    • Select from the existing options.

      • Lowest Latency
      • Lowest Jitter
      • Lowest Packet Loss
    • Select Custom SLA to create a custom SLA.
  3. Set the SOURCE AND DESTINATION details for Traffic Source / Network and Destination from the respective drop-down menus.

    You can select from predefined IPs or create a new address object. For more information, refer to Adding Address Object.

  4. Set the PATH SELECTION interfaces. The PATH SELECTION settings help determine, from a pool of available network paths, the path that fulfills specific network performance criteria.

    The selected interfaces should be in the WAN zone on the firewalls.

    1. Select the WAN Interface from the drop-down menu.

      • You can select multiple WAN interfaces, which are used for load balancing as well as dynamic path selection based on the SLA criteria.
      • At least 2 interfaces should be selected for the WAN Interface.
      • You can also add physical and virtual interfaces.
      • Select the predefined interfaces from the drop-down menu.

      • Add physical interfaces.

        1. Select Add Physical Interfaces from the drop-down menu.

        2. Add the interfaces By Name and By Range.

          By Name

          Add a specific physical interface with a label. Examples: X20, U15, W18.

          By Range

          Add a range of physical interfaces with a common label. Examples: X20-X30, U15-U20, W18-W19.

        3. Click the Add icon.
        4. Click OK.

          Interfaces will be added for the WAN Interface selection and also added to the drop-down menu.

      • Add Virtual interfaces.

        1. Select Add Virtual Interface from the drop-down menu.

        2. Define General interface settings.

          Zone: Enter a zone name.
          VLAN Tag: Enter a VLAN tag value between 1 and 4094.
          Parent Interface: Choose an interface from the predefined list.
          Mode / IP Assignment: Choose a mode from Static, DHCP, PPPOE, and Tap Mode (1-Port Tap).
          IP Address: Enter a valid IPv4 address.
          Subnet Mask: Enter a subnet mask address.
          Default Gateway: Enter the Default Gateway address. This field is optional.
          DNS Server 1/2/3: Enter the DNS Server address. This field is optional.
          Comment: Enter a comment. This field is optional.
          Add rule to enable redirect from HTTP to HTTPS: Enable this option to redirect from HTTP to HTTPS. By default, this option is disabled.
          MANAGEMENT: Enable these options for HTTPS, Ping, SNMP, and SSH. By default, these options are disabled.
          USER LOGIN: Enable these options for HTTP and HTTPS. By default, these options are disabled.
        3. Click the Advanced tab and define interface settings.

          Link Speed: Enter the link speed. You can choose the default MAC address, which is 00:00:00:00:00:00, or override the default address by entering an address in the field.
          Enable flow reporting: This option enables flow reporting on flows created for this interface. By default, this option is enabled.
          Enable Multicast Support: This option enables multicast reception on the interface. By default, this option is disabled.
          Exclude from Route Advertisement (NSM, OSPF, BGP, RIP): Enable this option to exclude the interface from Route Advertisement. By default, this option is disabled.
          Enable Asymmetric Route Support: Enable this option to support asymmetric routes on the interface.
          Interface MTU: The default value is 1500 and it cannot be modified.
          Fragment non-VPN outbound packets larger than this Interface's MTU: Enable this option to split non-VPN outbound packets larger than the interface MTU into smaller fragments. By default, this option is enabled.
          Ignore Don't Fragment (DF) Bit: By default, this option is disabled. Enabling this option ignores the DF bit and fragments the packet.
          Do not send ICMP Fragmentation Needed for outbound packets over the Interface MTU: By default, this option is disabled.

        4. Click OK.

          Interfaces will be added for the WAN Interface selection and also added to the drop-down menu.

    2. Select the Backup WAN Interface from the drop-down menu.
  5. Choose the WAN INTERFACE HEALTH CHECK PROBES.

    • Select a Probe Target from the drop-down menu or create a new address object. For more information, refer to Adding Address Object.
    • Set the Probe Type.

      You can choose Ping or TCP. If you select the TCP type, enter the value in the field.

  6. Click Save.
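
A pre-deployment check for the settings this procedure collects, added here as an example (it is not SonicWall code or an NSM API): it expands By Name and By Range entries, enforces the two-interface minimum and the 1-4094 VLAN range, and reports options that the steps above list as disabled by default. The dictionary keys, the label pattern inferred from X20 / U15 / W18, and the gateway-in-subnet check are assumptions.

```python
import ipaddress
import re

LABEL = re.compile(r"^([A-Z]+)(\d+)$")  # assumed label shape, from X20 / U15 / W18

def expand_interfaces(spec):
    """Expand a By Name ('X20') or By Range ('X20-X30') entry into labels."""
    parsed = [LABEL.match(p.strip()) for p in spec.split("-")]
    if len(parsed) > 2 or not all(parsed):
        raise ValueError(f"bad interface entry: {spec!r}")
    prefix, first = parsed[0].group(1), int(parsed[0].group(2))
    last = int(parsed[-1].group(2))
    if parsed[-1].group(1) != prefix or last < first:
        raise ValueError(f"bad interface range: {spec!r}")
    return [f"{prefix}{n}" for n in range(first, last + 1)]

def check_rule(rule):
    """Return a list of findings for a planned rule (empty list = clean)."""
    findings = []
    wan = {i for spec in rule["wan_interfaces"] for i in expand_interfaces(spec)}
    if len(wan) < 2:
        findings.append("fewer than 2 WAN interfaces selected")
    for vif in rule.get("virtual_interfaces", []):
        name = f'{vif["parent"]}:V{vif["vlan_tag"]}'
        if not 1 <= vif["vlan_tag"] <= 4094:
            findings.append(f"{name}: VLAN tag outside 1-4094")
        net = ipaddress.ip_network(f'{vif["ip"]}/{vif["mask"]}', strict=False)
        gw = vif.get("gateway")  # optional field
        if gw and ipaddress.ip_address(gw) not in net:
            findings.append(f"{name}: default gateway {gw} not in {net}")
        if vif.get("management"):  # listed as disabled by default
            svc = ", ".join(sorted(vif["management"]))
            findings.append(f"{name}: management enabled ({svc})")
        if "HTTP" in vif.get("user_login", []) and not vif.get("http_redirect"):
            findings.append(f"{name}: HTTP user login without HTTPS redirect")
    return findings

# Constructed sample input; key names are illustrative, not an NSM schema.
SAMPLE_RULE = {
    "wan_interfaces": ["X1"],
    "virtual_interfaces": [{
        "parent": "X1", "vlan_tag": 4095, "ip": "203.0.113.10",
        "mask": "255.255.255.0", "gateway": "198.51.100.1",
        "management": ["SSH", "SNMP"], "user_login": ["HTTP"],
        "http_redirect": False,
    }],
}

if __name__ == "__main__":
    for finding in check_rule(SAMPLE_RULE):
        print(finding)
```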