You can configure a service and specify parameters for matching network traffic, such as a port and protocol pairing.
You can also use a service to allow or block certain types of traffic in firewall rules. You cannot change the type after you create a service. Some services are predefined and cannot be modified or deleted.
Procedure
- With admin privileges, log in to NSX Manager.
- Select .
- Click Add Service.
- Enter a name.
- Click Set Service Entries.
- Select a type.
  The choices are Layer 2 and Layer 3 and above.
- Under Port-Protocol, click Add Service Entry to add one or more service entries.
  For layer 2, the only available service type is Ether.
  For layer 3 and above, the available service types are IP, IGMP, ICMPv4, ICMPv6, ALG, TCP, and UDP.
  Note:
  NSX supports the following built-in ALGs for DFW: FTP, TFTP, MS_RPC_TCP, MS_RPC_UDP, ORACLE_TNS, SUN_RPC_TCP and SUN_RPC_UDP.
  NSX supports the following built-in ALGs for Gateway Firewall: FTP and TFTP.
- Click the Services tab to add one or more services.
  Any service that you add is considered a nested service because it is included in the service that you are creating. The recommended maximum level of nesting is 3. An example of three levels of nesting: service A includes service B, service B includes service C, and service C includes service D. In addition, cyclic nesting is not allowed. In the previous example, service C cannot include service A or B.
- Click Apply.
- (Optional) Add one or more tags.
- (Optional) Enter a description.
- Click Save.
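The nesting rules from the Services tab step (a recommended maximum of three levels, no cyclic nesting) can be checked offline against a planned set of service definitions before they are created. The following Python check is an added example, not VMware code: the dict-of-lists input, the `check_nesting` name and the sample data are assumptions for illustration and do not reflect the NSX API or its data model.

```python
# Constructed sample: service name -> services nested directly inside it.
# Mirrors the A/B/C/D example in the text; not real NSX objects.
SAMPLE = {"A": ["B"], "B": ["C"], "C": ["D"], "D": []}

MAX_NESTING = 3  # recommended maximum level of nesting stated above


def check_nesting(services, max_levels=MAX_NESTING):
    """Return (cycles, too_deep) for a planned set of nested services.

    cycles:   list of inclusion paths that loop back, e.g. ['A','B','C','A'].
    too_deep: {service: levels} for services nested deeper than max_levels.
    Depth values are only meaningful when no cycle is reported.
    """
    cycles = []
    depth = {}   # memo: levels of nesting below each service
    state = {}   # name -> "visiting" (on the DFS stack) or "done"

    def visit(name, path):
        if state.get(name) == "done":
            return depth[name]
        if state.get(name) == "visiting":
            # Back-edge: name is already an ancestor on the current path.
            cycles.append(path[path.index(name):] + [name])
            return 0
        state[name] = "visiting"
        levels = 0
        # Names missing from the dict (e.g. predefined services) are leaves.
        for child in services.get(name, []):
            levels = max(levels, 1 + visit(child, path + [name]))
        state[name] = "done"
        depth[name] = levels
        return levels

    for name in services:
        visit(name, [])
    too_deep = {n: d for n, d in depth.items() if d > max_levels}
    return cycles, too_deep


if __name__ == "__main__":
    print(check_nesting(SAMPLE))                       # within limits
    bad = dict(SAMPLE, C=["D", "A"])                   # C includes A: cyclic
    print(check_nesting(bad))
```
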