HP VPN Firewall Appliances Access Control Configuration Guide
70
Ste
p
Command
Remarks
5. Add a protocol to
the object.
service { protocol | icmp
icmp-type icmp-code |
{ tcp | udp } [ source-port
source-port-start
[ source-port-end ] ]
[ destination-port
destination-port-start
[ destination-port-end ] ] }
By default, a user-defined service object comprises no
protocol.
A service object can comprise only one protocol. If
you execute this command multiple times, the most
recent configuration takes effect.
If you create a service object without specifying port
numbers, the system takes the default any as both the
source and destination port number.
Configuring a service group object
Ste
p
Command
Remarks
1. Enter system view.
system-view
N/A
2. Enter VD system view.
switchto vd vd-name
Required only when you are first logged in to the system
view of the default VD and want to configure an object
for a non-default VD.
3. Create a service group
object and enter
service group object
view.
object-group service
object-group-name
By default, no service group object is configured.
If the object already exists, you enter its view.
4. Configure a
description for the
object.
description
description-string
Optional.
By default, no description is configured for an object.
5. Add a service object or
another service group
object to the object.
service-object
object-name
By default, a service group object has no service object
or service group object members.
The service object or service group object member must
already exist.
A service group object can comprise multiple service
object and service group object members. To add
multiple members, execute this command multiple times.
Displaying and maintaining objects
Task Command
Remarks
Display system pre-defined
service objects.
display object service default Available in any view.
Display user-defined service
objects.
display object service [ vd vd-name ] Available in any view.
Display a specific object.
display object name object-name [ vd
vd-name ]
Available in any view.
Display service group objects. display object-group service [ vd vd-name ] Available in any view.
Display a specific group object.
display object-group name object-group-name
[ vd vd-name ]
Available in any view.