Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

fwsm- adding protocol object groups

I am trying to create ACL using object groups which contain protocols in 6500 FWSM configuration.

I have a list of protocols that has to be identified by tcp port numner;

for example: tcp ports 33000, 8095, 8090 etc. But I can only see the protocol numbers only in the range of 0 to 255 in the FWSM ocnfig.

Is there any other way that I can group this protocoil numnbers ?

1 ACCEPTED SOLUTION

Accepted Solutions

Re: fwsm- adding protocol object groups

You need to add a service object (layer 4 service) and not a protocol object (layer 3 protocol like ospf,tcp,udp etc.)

Have a look at:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00800d641d.shtml#serv

Please rate if helpful.

Regards

Farrukh

3 REPLIES

Re: fwsm- adding protocol object groups

kindly send me the sw version you are using on your fwsm module using

fwsm# sh version

Also read table D-5 in the following url

http://www.cisco.com/en/US/docs/security/fwsm/fwsm31/configuration/guide/ports_f.html#wp1045623

New Member

Re: fwsm- adding protocol object groups

Don't mix up port numbers (http://www.iana.org/assignments/port-numbers, used in TCP and UDP only) and IP protocol numbers (http://www.iana.org/assignments/protocol-numbers).

Re: fwsm- adding protocol object groups

You need to add a service object (layer 4 service) and not a protocol object (layer 3 protocol like ospf,tcp,udp etc.)

Have a look at:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00800d641d.shtml#serv

Please rate if helpful.

Regards

Farrukh

326
Views
4
Helpful
3
Replies
CreatePlease to create content