Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1008
Views
0
Helpful
2
Replies

Object-Group All Services

koaps
Level 1
Level 1

‎08-30-2003 12:52 PM - edited ‎03-09-2019 04:36 AM

I'm trying to make an object-group of all my services and I can't seem to do it the same way I did my servers.

I have a service groups like this:

object-group service name_services udp

description DNS Services

port-object eq domain

I tried to make a new one for all of them:

firewall(config)# object-group service all_services tcp-udp

firewall(config-service)# ?

At the end of show <command>, use the pipe character '|' followed by:

begin|include|exclude|grep [-v] <regular_exp>, to filter show output.

description Provide a description up to 200 characters.

group-object Configure an object group as an object

port-object Configure a port (service) object

firewall(config-service)# group-object ?

Usage: [no] group-object <object_group_id>

firewall(config-service)# group-object name_services

Adding obj to object-group (all_services) failed; obj and group type inconsistent

As you can see it fails saying it's not the same type? Any Ideas?

Labels:
0 Helpful
2 Replies 2

snursten
Level 1
Level 1

‎09-01-2003 02:33 PM

Hierarchical or nested obj-groups can only be of the same type. You have tried to nest different types of groups.

The following example shows how to use the object-group network subcommand to create a new network object group and map it to a existing object-group:

pixfirewall(config)# object-group network sjc_ftp_servers

pixfirewall(config-network)#network-object host sjc.ftp.servers

pixfirewall(configpixfirewall(config-network)#network-object host 172.23.56.195

pixfirewall(config-network)#network-object 193.1.1.0 255.255.255.224

pixfirewall(config-network)#group-object sjc_eng_ftp_servers

pixfirewall(config-network)#exit

You will have to make your name-services group tcp-udp or your all-services group just udp to do this.

HTH,

S

0 Helpful

koaps
Level 1
Level 1
In response to snursten

‎09-02-2003 03:15 PM

Ummm... ARRRRRRRRRRRRRRRRRRRGGGGGGGG!!!!!!!!!!!!!!!

I can't make groups for tcp and udp then make a all group for udp-tcp.....!!!

Now I'm stuck with two bad options...

Either make the groups tcp-udp which I don't want to do, or make three groups for tcp, udp and icmp, which doubles my rules per server.

A clean solution like making a tcp-udp group with udp only and tcp only group-objects would be the way to go and Cisco should look into it.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents