This article shows how to configure a Custom Service.
On occasion, a custom service needs to be created to allow certain ports and protocols to pass through the Juniper firewall.
When defining a custom TCP service, the source port in most cases is a random port, between 0 and 65535. The destination port is specified to match the server's listening port.
A Custom Service requires a source port range, a destination port range, and a transport protocol (TCP, UDP, etc.) to be specified.
Note: For this article, a custom service for AppleTalk File Services is configured. To create a custom service for AppleTalk File Services, which listens on TCP port 548, define this service with the following ports:
- Source Port Low: 0
- Source Port High: 65535
- Destination Port Low: 548
- Destination Port High: 548
Configure a custom service via Web UI:
1. Open the Web UI. For more information on accessing the Web UI, see KB4060 - Accessing Your NetScreen, SSG, or ISG Firewall Using the WebUI.
2. From the ScreenOS options menu, click Policy, then Policy Elements, then Services, and then click Custom.
3. From the Custom page, click New.
4. In the Service Name text box, enter a Service Name. Depending on your requirements, you can choose a custom or the default session timeout.

5. Under Transport protocol, click to select tcp.
6. Under Source Port Low, enter 1024, and then under Source Port High, enter 65535. Under Destination Port Low, enter 548, and then under Destination Port High, enter 548.

7. Click OK.
Configure a custom service via CLI:
- Log into the CLI.
- Enter the command:
set service <name> protocol <protocol> src-port <port range> dst-port <port range>
Example: set service "AppleTalk File Services" protocol tcp src-port 0-65535 dst-port 548-548
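As an added example (not part of the original article and not Juniper tooling), the following Python script parses `set service` lines in the form shown above and reports definitions whose port ranges are invalid or whose destination range is wider than a review threshold. The sample configuration lines, the function names, and the `max_dst_width` threshold of 16 ports are assumptions made for illustration.

```python
import shlex

# Constructed sample lines in the article's syntax (not taken from a real device).
SAMPLE_CONFIG = """\
set service "AppleTalk File Services" protocol tcp src-port 0-65535 dst-port 548-548
set service "Wide Open App" protocol tcp src-port 0-65535 dst-port 1024-65535
set service "Bad Range" protocol udp src-port 0-65535 dst-port 600-500
set hostname fw01
"""

def parse_range(text):
    """Convert 'low-high' to (low, high); raise ValueError if it is not a valid port range."""
    low, sep, high = text.partition("-")
    if not sep:
        raise ValueError(f"expected low-high, got {text!r}")
    low, high = int(low), int(high)
    if not 0 <= low <= high <= 65535:
        raise ValueError(f"invalid port range {text!r}")
    return low, high

def parse_service(line):
    """Parse one 'set service' line of the form shown in the article; None if not that form."""
    tok = shlex.split(line)  # handles the quoted service name
    if (len(tok) != 9 or tok[:2] != ["set", "service"] or tok[3] != "protocol"
            or tok[5] != "src-port" or tok[7] != "dst-port"):
        return None
    return {"name": tok[2], "protocol": tok[4],
            "src": parse_range(tok[6]), "dst": parse_range(tok[8])}

def audit(config, max_dst_width=16):
    """Return (line_number, message) findings. max_dst_width is an assumed review threshold."""
    findings = []
    for number, line in enumerate(config.splitlines(), 1):
        try:
            svc = parse_service(line)
        except ValueError as exc:
            findings.append((number, f"invalid: {exc}"))
            continue
        if svc is None:
            continue  # not a custom service definition
        width = svc["dst"][1] - svc["dst"][0] + 1
        if width > max_dst_width:
            findings.append((number, f'{svc["name"]}: dst-port range spans {width} ports'))
    return findings

if __name__ == "__main__":
    for number, message in audit(SAMPLE_CONFIG):
        print(f"line {number}: {message}")
```

The parser covers only the single-line form given in this article; other `set service` variants are skipped rather than interpreted.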
2019-12-26: Changed the snapshot and removed the EOL devices from the available categories.