{"type":"doc","content":[{"type":"paragraph"},{"type":"panel","attrs":{"panelType":"warning"},"content":[{"type":"paragraph","content":[{"text":"To fully use this screen, you must have the following permissions assigned to your account:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Read Virtual Data Centers","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Read Firewall","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Write Firewall","type":"text"}]}]}]}]},{"type":"paragraph","content":[{"type":"hardBreak"}]},{"type":"paragraph","content":[{"text":"In the ","type":"text"},{"text":"Firewall","type":"text","marks":[{"type":"strong"}]},{"text":" screen, each entry in the table represents a single firewall rule; however, each firewall rule can contain several protocols (and ports).","type":"text"}]},{"type":"paragraph","content":[{"text":"You can combine related protocols (and ports)","type":"text"},{"text":" ","type":"text","marks":[{"type":"strong"}]},{"text":"into a ","type":"text"},{"text":"Service Group","type":"text","marks":[{"type":"strong"}]},{"text":". For example, if you want to create a firewall rule to block three types of traffic, you do not have to create three separate firewall rules. Instead, you can combine the three types of traffic (protocols and ports) into a single, configurable ","type":"text"},{"text":"Service Group","type":"text","marks":[{"type":"strong"}]},{"text":". Then, when you create a firewall rule, you can pick the newly created ","type":"text"},{"text":"Service Group","type":"text","marks":[{"type":"strong"}]},{"text":".","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"type":"hardBreak"},{"type":"inlineExtension","attrs":{"extensionType":"com.atlassian.confluence.macro.core","extensionKey":"anchor","parameters":{"macroParams":{"":{"value":"Create-a-service-group"}},"macroMetadata":{"macroId":{"value":"be67dd9c19ae0277e9c28b90552f1d07"},"schemaVersion":{"value":"1"},"title":"Anchor"}},"localId":"50918b3c-d71e-4e1f-804a-b237ff01afd0"}},{"text":"Create a Service Group","type":"text"}]},{"type":"rule"},{"type":"paragraph","content":[{"text":"In the ","type":"text"},{"text":"Firewall","type":"text","marks":[{"type":"strong"}]},{"text":" screen, each entry in the table represents a single firewall rule; however, each firewall rule can contain several protocols (and ports).","type":"text"}]},{"type":"panel","attrs":{"panelType":"success"},"content":[{"type":"paragraph","content":[{"text":"You can combine related protocols (and ports)into a ","type":"text"},{"text":"Service Group","type":"text","marks":[{"type":"strong"}]},{"text":". For example, if you want to create a firewall rule to block three types of traffic, you do not have to create three separate firewall rules. Instead, you can combine the three types of traffic (protocols and ports) into a single, configurable ","type":"text"},{"text":"Service Group","type":"text","marks":[{"type":"strong"}]},{"text":". Then, when you create a firewall rule, you can pick the newly created ","type":"text"},{"text":"Service Group","type":"text","marks":[{"type":"strong"}]},{"text":".","type":"text"}]}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"In the Armor Management Portal (AMP), on the left-side navigation, click ","type":"text"},{"text":"Security","type":"text","marks":[{"type":"strong"}]},{"text":".","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Click ","type":"text"},{"text":"Firewall","type":"text","marks":[{"type":"strong"}]},{"text":".","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"If you have virtual machines in various data centers, then in the top drop-down menu, select the desired data center.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Click ","type":"text"},{"text":"Service Groups","type":"text","marks":[{"type":"strong"}]},{"text":".","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Click ","type":"text"},{"text":"Actions","type":"text","marks":[{"type":"strong"}]},{"text":", and then click ","type":"text"},{"text":"New Group","type":"text","marks":[{"type":"strong"}]},{"text":".","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"In ","type":"text"},{"text":"Service","type":"text","marks":[{"type":"strong"}]},{"text":" ","type":"text"},{"text":"Group","type":"text","marks":[{"type":"strong"}]},{"text":" ","type":"text"},{"text":"Name","type":"text","marks":[{"type":"strong"}]},{"text":", enter a descriptive name.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"In ","type":"text"},{"text":"Add","type":"text","marks":[{"type":"strong"}]},{"text":" ","type":"text"},{"text":"Members","type":"text","marks":[{"type":"strong"}]},{"text":" ","type":"text"},{"text":"To Group","type":"text","marks":[{"type":"strong"}]},{"text":", enter the service or sub-protocol, and then click the plus ( + ) icon.","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"You must add at least one member.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"You can add multiple members to a service group.","type":"text"}]},{"type":"paragraph","content":[{"type":"inlineExtension","attrs":{"extensionType":"com.atlassian.confluence.migration","extensionKey":"__confluenceADFMigrationUnsupportedContentInternalExtension__","text":"","parameters":{"cxhtml":"

Service or sub-protocol	Notes	Example
Services (TCP, UDP, etc.)	You must enter a port number. These services are not case-sensitive.	tcp/80 TCP/80 Tcp/80 tCp/80
Additional services (AARP, AH, etc.)	These additional services are not case-sensitive. Do not enter a port number with these additional services.	ATALK igmp Gre
Sub-protocols (echo-reply, redirect, etc.)	You must enter icmp, followed by the specific sub-protocol. You must enter the sub-protocol in lower-case letters. Do not enter a port number.	icmp/source-host-isolated icmp/time-exceeded

Service or sub-protocol

Notes

Example

Services (TCP, UDP, etc.)

You must enter a port number.

These services are not case-sensitive.

tcp/80
TCP/80
Tcp/80
tCp/80

Additional services (AARP, AH, etc.)

These additional services are not case-sensitive.

Do not enter a port number with these additional services.

ATALK
igmp
Gre

Sub-protocols (echo-reply, redirect, etc.)

You must enter icmp, followed by the specific sub-protocol.

You must enter the sub-protocol in lower-case letters.

Do not enter a port number.

icmp/source-host-isolated
icmp/time-exceeded

","block-inline":true,"nestedContent":{"type":"doc","content":[{"type":"table","content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Service or sub-protocol","type":"text"}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Notes","type":"text"}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Example","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Services (TCP, UDP, etc.)","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"You must enter a port number.","type":"text"}]},{"type":"paragraph","content":[{"text":"These services are not case-sensitive.","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"tcp/80","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"TCP/80","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Tcp/80","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"tCp/80","type":"text"}]}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Additional services (AARP, AH, etc.)","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"These additional services are not case-sensitive.","type":"text"}]},{"type":"paragraph","content":[{"text":"Do not enter a port number with these additional services.","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"ATALK","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"igmp","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Gre","type":"text"}]}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Sub-protocols (echo-reply, redirect, etc.)","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"You must enter ","type":"text"},{"text":"icmp","type":"text","marks":[{"type":"strong"}]},{"text":", followed by the specific sub-protocol.","type":"text"}]},{"type":"paragraph","content":[{"text":"You must enter the sub-protocol in lower-case letters.","type":"text"}]},{"type":"paragraph","content":[{"text":"Do not enter a port number.","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"icmp/source-host-isolated","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"icmp/time-exceeded","type":"text"}]}]}]}]}]}]}],"version":1},"reason":"A table in list item can't be created or edited in the new editor."}}}]},{"type":"paragraph","content":[{"type":"hardBreak"}]}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Click ","type":"text"},{"text":"Create Group","type":"text","marks":[{"type":"strong"}]},{"text":".","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"The newly created service group will appear at the bottom of the table.","type":"text"}]}]}]}]}]},{"type":"panel","attrs":{"panelType":"warning"},"content":[{"type":"paragraph","content":[{"text":"For a complete list of supported services and sub-protocol, see ","type":"text"},{"text":"Review supported services and sub-protocols","type":"text","marks":[{"type":"link","attrs":{"href":"https://armor-defense.atlassian.net/wiki/spaces/KB/pages/3519587229/Firewall+Rules#%5BhardBreak%5DReview-Supported-Services-and-Sub-Protocols"}}]},{"text":".","type":"text"}]}]},{"type":"heading","attrs":{"level":3},"content":[{"type":"hardBreak"},{"type":"inlineExtension","attrs":{"extensionType":"com.atlassian.confluence.macro.core","extensionKey":"anchor","parameters":{"macroParams":{"":{"value":"Edit-a-Service-Group"}},"macroMetadata":{"macroId":{"value":"596b80c5c1c358a2d12d3a8795172c40"},"schemaVersion":{"value":"1"},"title":"Anchor"}},"localId":"f0f8f603-b2a5-4d2b-9367-75a246946328"}},{"text":"Edit a Service Group","type":"text"}]},{"type":"rule"},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"In the Armor Management Portal (AMP), on the left-side navigation, click ","type":"text"},{"text":"Security","type":"text","marks":[{"type":"strong"}]},{"text":".","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Click ","type":"text"},{"text":"Firewall","type":"text","marks":[{"type":"strong"}]},{"text":".","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"If you have virtual machines in various data centers, then in the top drop-down menu, select the desired data center.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Click ","type":"text"},{"text":"Service Groups","type":"text","marks":[{"type":"strong"}]},{"text":".","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Locate and place your cursor over the desired service group.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Click Edit Service Group.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Make your changes, and then click ","type":"text"},{"text":"Update Group","type":"text","marks":[{"type":"strong"}]},{"text":" to save.","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"type":"hardBreak"},{"type":"inlineExtension","attrs":{"extensionType":"com.atlassian.confluence.macro.core","extensionKey":"anchor","parameters":{"macroParams":{"":{"value":"Delete-a-Service-Group"}},"macroMetadata":{"macroId":{"value":"20661140b614dd1d56948ab1491c517b"},"schemaVersion":{"value":"1"},"title":"Anchor"}},"localId":"dea1d675-2ed8-4da3-9c7c-cc2ed78e4e31"}},{"text":"Delete a Service Group","type":"text"}]},{"type":"rule"},{"type":"panel","attrs":{"panelType":"warning"},"content":[{"type":"paragraph","content":[{"text":"You cannot delete a service group that is actively used in a firewall rule.","type":"text"}]}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"In the Armor Management Portal (AMP), on the left-side navigation, click ","type":"text"},{"text":"Security","type":"text","marks":[{"type":"strong"}]},{"text":".","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Click ","type":"text"},{"text":"Firewall","type":"text","marks":[{"type":"strong"}]},{"text":".","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"If you have virtual machines in various data centers, then in the top drop-down menu, select the desired data center.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Click ","type":"text"},{"text":"Service Groups","type":"text","marks":[{"type":"strong"}]},{"text":".","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Locate the desired service group and click on the vertical ellipsis.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Click on ","type":"text"},{"text":"Delete","type":"text","marks":[{"type":"strong"}]},{"text":".","type":"text"}]}]}]},{"type":"paragraph","content":[{"type":"hardBreak"}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"Topics Discussed","type":"text"}]},{"type":"extension","attrs":{"layout":"default","extensionType":"com.atlassian.confluence.macro.core","extensionKey":"toc","parameters":{"macroParams":{"maxLevel":{"value":"3"},"minLevel":{"value":"3"}},"macroMetadata":{"macroId":{"value":"d5c362c2-7711-466f-b4f8-e82f62223eca"},"schemaVersion":{"value":"1"},"title":"Table of Contents"}},"localId":"2ea0e2a3-71a5-4c04-85f1-71004d00431d"}}],"version":1}