Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ISG/NS/SSG] Configuring a Custom Service

0

0

Article ID: KB4220 KB Last Updated: 26 Dec 2019Version: 13.0
Summary:

This article shows how to configure a Custom Service.

Solution:

On occasion, a custom service needs to be created to allow certain ports and protocols to pass through the Juniper firewall.

When defining a custom TCP service, the source port in most cases is a random port, between 0 and 65535. The destination port is specified to match the server's listening port.

A Custom Service requires a source port range, a destination port range, and a transport protocol ( TCP, UDP, etc.) to be specified.

Note: For this article, a custom service for AppleTalk File Services is configured. To create a custom service for AppleTalk File Services, which listens on TCP port 548, define this service with the following ports:

  • Source Port Low: 0
  • Source Port High: 65535
  • Destination Port Low: 548
  • Destination Port High: 548


Configure a custom service via Web UI:

1. Open the Web UI. For more information on accessing the Web UI, see KB4060 - Accessing Your NetScreen, SSG, or ISG Firewall Using the WebUI .

2. From the ScreenOS options menu, Click Policy, then Policy Elements, then Services, and then click Custom.

3. From the Custom page, click New.

4. In the Service Name text box, enter a Service Name. Depends on your requirement, you can choose custom or default session timeout.

5. Under Transport protocol, click to select tcp.

6. Under Source Port Low, enter 1024, and then under Source Port High, enter 65535. Under Destination Port Low, enter 548, and then under Destination Port High, enter548.

7. Click OK.

 


Configure a custom service via CLI:

  1. Log into the CLI.

  2. Enter the command set service <name> protocol <protocol> src-port <port range> dst-port <port range>.

Example: set service "AppleTalk File Services" protocol tcp src-port 0-65535 dst-port 548-548

 

Modification History:
2019-12-26: Changed the snapshot and removed the EOL devices from the available categories. 
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search