Cisco Support Community
New Member

Object-Group All Services

I'm trying to make an object-group of all my services and I can't seem to do it the same way I did my servers.

I have service groups like this:

object-group service name_services udp

description DNS Services

port-object eq domain

I tried to make a new one for all of them:

firewall(config)# object-group service all_services tcp-udp

firewall(config-service)# ?

At the end of show <command>, use the pipe character '|' followed by:

begin|include|exclude|grep [-v] <regular_exp>, to filter show output.

description Provide a description up to 200 characters.

group-object Configure an object group as an object

port-object Configure a port (service) object

firewall(config-service)# group-object ?

Usage: [no] group-object <object_group_id>

firewall(config-service)# group-object name_services

Adding obj to object-group (all_services) failed; obj and group type inconsistent

As you can see it fails saying it's not the same type? Any Ideas?

2 REPLIES
New Member

Re: Object-Group All Services

Hierarchical or nested obj-groups can only be of the same type. You have tried to nest different types of groups.

The following example shows how to use the object-group network subcommand to create a new network object group and map it to an existing object-group:

pixfirewall(config)# object-group network sjc_ftp_servers

pixfirewall(config-network)#network-object host sjc.ftp.servers

pixfirewall(config-network)#network-object host 172.23.56.195

pixfirewall(config-network)#network-object 193.1.1.0 255.255.255.224

pixfirewall(config-network)#group-object sjc_eng_ftp_servers

pixfirewall(config-network)#exit

You will have to make your name-services group tcp-udp or your all-services group just udp to do this.

HTH,

S
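
The same-type nesting rule from the reply above, as an added example that is not part of the original thread or any Cisco tooling: a Python check that parses object-group definitions from a saved config and flags every group-object nesting whose parent and child types differ, so the mismatch is caught before the firewall rejects it. The sample config is constructed; web_services and all_web are hypothetical names.

```python
import re
# Constructed sample mirroring the thread: a udp-only group nested into a
# tcp-udp group, a valid same-type nesting, and an undefined child group.
SAMPLE_CONFIG = """\
object-group service name_services udp
 description DNS Services
 port-object eq domain
object-group service web_services tcp
 port-object eq www
object-group service all_web tcp
 group-object web_services
object-group service all_services tcp-udp
 group-object name_services
object-group network sjc_ftp_servers
 network-object host 172.23.56.195
 group-object sjc_eng_ftp_servers
"""

HEADER = re.compile(r"^object-group\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")
NESTED = re.compile(r"^\s*group-object\s+(\S+)\s*$")

def parse_groups(config):
    """Return ({name: type}, [(parent, child)]); service groups are typed
    by protocol too, e.g. "service/udp" versus "service/tcp-udp"."""
    types, nests, current = {}, [], None
    for line in config.splitlines():
        m = HEADER.match(line)
        if m:
            kind, current, proto = m.groups()
            types[current] = f"{kind}/{proto}" if proto else kind
            continue
        m = NESTED.match(line)
        if m and current:
            nests.append((current, m.group(1)))
    return types, nests

def find_inconsistent_nesting(config):
    """List (parent, child, reason) for nestings that break the same-type rule."""
    types, nests = parse_groups(config)
    problems = []
    for parent, child in nests:
        ptype, ctype = types[parent], types.get(child)
        if ctype is None:
            problems.append((parent, child, "child group not defined"))
        elif ctype != ptype:
            problems.append((parent, child, f"{ctype} nested in {ptype}"))
    return problems

if __name__ == "__main__":
    for parent, child, reason in find_inconsistent_nesting(SAMPLE_CONFIG):
        print(f"{parent} <- {child}: {reason}")
```
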

New Member

Re: Object-Group All Services

Ummm... ARRRRRRRRRRRRRRRRRRRGGGGGGGG!!!!!!!!!!!!!!!

I can't make groups for tcp and udp then make an all group for udp-tcp.....!!!

Now I'm stuck with two bad options...

Either make the groups tcp-udp which I don't want to do, or make three groups for tcp, udp and icmp, which doubles my rules per server.

A clean solution like making a tcp-udp group with udp only and tcp only group-objects would be the way to go and Cisco should look into it.
