6 Firewall

Example: Adding an Allow IP Rule

This example shows how to create a simple Allow rule that allows HTTP flows to be opened from the sfp1net network on the sfp1 interface to any IPv4 address (all-nets-ip4) on the wan interface.

1. Change the current context to be the main IP rule set:

   Device:/> cc IPRuleSet main

2. Create the IP rule:

   Device:/IPRuleSet/main> add IPRule Action=Allow Service=http SourceInterface=sfp1 SourceNetwork=sfp1net DestinationInterface=wan DestinationNetwork=all-nets-ip4 Name=lan_http

3. Return to the default route:

   Device:/IPRuleSet/main> cc

Configuration changes must then be saved by issuing an activate command followed by a commit command.

Services

A service object provides a way to reference a specific IP protocol. A service object is typically defined using one of the major transport protocols, TCP or UDP, and is associated with a specific source or destination port number. For example, the HTTP service is defined as using the TCP protocol with the associated destination port 80 and any source port.

However, service objects are not restricted to just the TCP or UDP protocols. They can also be used to encompass ICMP messages as well as a user-definable IP protocol.

A service is passive

Service objects are passive SEG objects in that they do not themselves carry out any action in a configuration. Instead, they are used to apply security policy rules in SEG rule sets to a specific type of traffic. For example, an IP rule in an SEG IP rule set might have a service object associated with it that specifies that the rule is to apply to HTTP traffic.

Inclusion in IP rules is one of the most important uses of service objects. For more information on how service objects are used with IP rules, see IP rules on page 96.

Predefined services

A large number of service objects are predefined in the SEG. These include common services such as HTTP.

Predefined services can be used and modified just like custom services. However, it is recommended NOT to make any changes to predefined services and instead to create custom services with the desired characteristics.
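An added example, not taken from the SEG documentation or software: a Python model of how the lan_http rule from the example above consults the passive http service object when deciding whether a flow matches. The 192.0.2.0/24 range for sfp1net, the sample flows, the first-match evaluation and all class and function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

@dataclass(frozen=True)
class Service:
    """Passive object: names a protocol and ports, takes no action itself."""
    name: str
    protocol: str                            # "TCP" or "UDP"
    dst_ports: Tuple[int, int]               # inclusive range
    src_ports: Tuple[int, int] = (0, 65535)  # "any source port"

    def matches(self, proto, sport, dport):
        return (proto == self.protocol
                and self.src_ports[0] <= sport <= self.src_ports[1]
                and self.dst_ports[0] <= dport <= self.dst_ports[1])

@dataclass(frozen=True)
class IPRule:
    name: str
    action: str
    service: Service   # the rule only references the service object
    src_if: str
    src_net: str
    dst_if: str
    dst_net: str

    def matches(self, f):
        return (f["src_if"] == self.src_if and f["dst_if"] == self.dst_if
                and ip_address(f["src_ip"]) in ip_network(self.src_net)
                and ip_address(f["dst_ip"]) in ip_network(self.dst_net)
                and self.service.matches(f["proto"], f["sport"], f["dport"]))

def evaluate(rules, f) -> Optional[str]:
    """Assumed first-match evaluation; None means no rule in the list matched."""
    for rule in rules:
        if rule.matches(f):
            return rule.action
    return None

# Constructed values: the page does not give the addresses behind sfp1net.
HTTP = Service("http", "TCP", dst_ports=(80, 80))
LAN_HTTP = IPRule("lan_http", "Allow", HTTP,
                  "sfp1", "192.0.2.0/24", "wan", "0.0.0.0/0")  # 0.0.0.0/0 stands in for all-nets-ip4

def flow(src_if="sfp1", src_ip="192.0.2.10", dst_if="wan",
         dst_ip="198.51.100.7", proto="TCP", sport=49152, dport=80):
    """Build a constructed sample flow; defaults describe a matching HTTP flow."""
    return dict(src_if=src_if, src_ip=src_ip, dst_if=dst_if, dst_ip=dst_ip,
                proto=proto, sport=sport, dport=dport)
```

Calling evaluate([LAN_HTTP], flow(dport=443)) shows the practical effect of the service object: the same hosts and interfaces no longer match once the destination port falls outside the service definition.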