You can configure a service, and specify parameters for matching network traffic such as a port and protocol pairing.

You can also use a service to allow or block certain types of traffic in firewall rules. You cannot change the type after you create a service. Some services are predefined and cannot be modified or deleted.

Procedure

  1. With admin privileges, log in to NSX Manager.
  2. Select Inventory > Services.
  3. Open the instance page.

    Skip the following sub-steps if the instance page is open.

    1. Log in to the VMware Cloud Console at https://console.cloud.vmware.com.
      The VMware Cloud Services home page displays the services available to your organization.
    2. Under My Services, go to the NSX+ card and select Launch Service.
    3. Select Global and select the instance to manage.
  4. Select Security > Inventory.
  5. Click Add Service.
  6. Enter a name.
  7. Click Set.
  8. Select a type.
    The choices are Layer 2 and Layer 3 and above.
  9. Under the Port-Protocol tab, click Add Service Entry to add one or more service entries.
    For layer 2, the only available service type is Ether.

    For layer 3 and above, the available service types are IP, IGMP, ICMPv4, ICMPv6,ALG, TCP, and UDP.

    Note:

    The following built-in ALGs for DFW are supported: FTP, TFTP, MS_RPC_TCP, MS_RPC_UDP, ORACLE_TNS, SUN_RPC_TCP and SUN_RPC_UDP.

    The following built-in ALGs for Gateway Firewall are supported: FTP and TFTP.

  10. Click the Services tab to add one or more services.
    Any service that you add is considered a nested service because it is included in the service that you are creating. The recommended maximum level of nesting is 3. An example of three levels of nesting: service A includes service B, service B includes service C, and service C includes service D. In addition, cyclic nesting is not allowed. In the previous example, service C cannot include service A or B.
  11. Click Apply.
  12. (Optional) Add one or more tags.
  13. (Optional) Enter a description.
  14. Click Save.