Create and Edit ASA Service Objects

In a service object, you can specify a single protocol and assign it to a source port, destination port, or both source and destination ports.

Procedure


Step 1

In the left pane, click Objects.

Step 2

Click Create Object > ASA > Service.

Step 3

Enter an object name.

Step 4

Select Create a service object.

Step 5

Click the Service Type button and select the protocol for which you want to make an object.

  • For TCP, UDP, and TCP-UDP service types, enter a source port, destination port, or both:

    • The source port identifier allows you to match traffic originating from a particular numbered port. In the source port identifier, select an operator (equal to, range, less than, greater than, or not equal to) and provide the appropriate port number or range.

    • The destination port identifier allows you to match traffic arriving at a particular numbered port. In the destination port identifier, select an operator (equal to, range, less than, greater than, or not equal to) and provide the appropriate port number or range.

  • For Protocol service types, enter a protocol number between 0 and 255, or a well-known name, such as ip, tcp, udp, gre, and so forth.

Step 6

Click Add.


Examples

  • A service object that identifies incoming FTP traffic would be one with a TCP Service type and a destination port range of 21.

  • A service object that identifies outgoing DNS and DNS over TCP traffic would be one with a tcp-udp service type and a source port equal to 53.
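
To check what a service object will and will not match before it is referenced in a rule, the following added example (not Cisco's code) models the five port operators and the two objects above. The class names, object names, and the 0-65535 port bound are assumptions made for this sketch.

```python
from dataclasses import dataclass
from typing import Optional

# The five operators the page lists for port identifiers.
OPERATORS = {
    "eq": lambda port, low, high: port == low,
    "neq": lambda port, low, high: port != low,
    "lt": lambda port, low, high: port < low,
    "gt": lambda port, low, high: port > low,
    "range": lambda port, low, high: low <= port <= high,
}

@dataclass(frozen=True)
class PortMatch:
    op: str
    low: int
    high: Optional[int] = None  # second bound, used only by "range"

    def __post_init__(self):
        if self.op not in OPERATORS:
            raise ValueError(f"unknown operator: {self.op!r}")
        bounds = [self.low, self.high] if self.op == "range" else [self.low]
        if any(b is None or not 0 <= b <= 65535 for b in bounds):
            raise ValueError("port bounds must be within 0-65535")  # assumed bound
        if self.op == "range" and self.low > self.high:
            raise ValueError("range start is greater than range end")

    def matches(self, port: int) -> bool:
        return OPERATORS[self.op](port, self.low, self.high)

@dataclass(frozen=True)
class ServiceObject:
    name: str
    service_type: str  # "tcp", "udp" or "tcp-udp"
    source: Optional[PortMatch] = None
    destination: Optional[PortMatch] = None

    def matches(self, protocol: str, sport: int, dport: int) -> bool:
        protocols = {"tcp", "udp"} if self.service_type == "tcp-udp" else {self.service_type}
        if protocol not in protocols:
            return False
        # An identifier left unset places no constraint on that port.
        return all(m is None or m.matches(p)
                   for m, p in ((self.source, sport), (self.destination, dport)))

# The two objects from the Examples list (names are constructed).
FTP_IN = ServiceObject("ftp-in", "tcp", destination=PortMatch("range", 21, 21))
DNS_OUT = ServiceObject("dns-out", "tcp-udp", source=PortMatch("eq", 53))

def matching_objects(protocol, sport, dport, objects=(FTP_IN, DNS_OUT)):
    """Return the names of the objects that a packet's protocol and ports satisfy."""
    return [o.name for o in objects if o.matches(protocol, sport, dport)]
```

A source-port condition is evaluated only against the port the packet originates from, so `matching_objects("udp", 40000, 53)` returns an empty list while `matching_objects("udp", 53, 40000)` returns `["dns-out"]`.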