I'm creating service groups, and I realized that I can have TCP, UDP, or TCP-UDP. You can only nest the same groups. (TCP can nest TCP, UDP in UDP, so on). The only way that you can mix tcp and udp port numbers is by creating the tcp-udp service group.
My question is that you can only define the ports and not the protocol that's using it. It would seem that if I put port 80 in a tcp-udp service group, that means I've opened www and udp 80.
Is this the case? Is there any other way around this? I do have groups that will require tcp and udp ports open. My only other alternative is to create the ports and then create separate ACLs to reference individual tcp and udp ports.
I'm not clear on exactly what you are looking to do, but what you describe in your second paragraph is correct. If you enter a port-object of 80 in a tcp-udp group, this will open both TCP/80 and UDP/80.
In addition, the ACL that would reference this object-group does not discriminate in terms of protocols. That is to say that putting port 80 in a tcp-udp group would allow any/all traffic on TCP/80, not just HTTP traffic--the "www" is just an alias to make it easier to read the ACL statements.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...