Cisco Defense Orchestrator

Create and Edit ASA Service Objects

Create an ASA Service Object

In a service object, you can specify a single protocol and assign it to a source port, destination port, or both source and destination ports. 

  1. Click the Objects tab to open the Objects page.
  2. Click Create Object > ASA > Service.   
  3. Enter an object name.
  4. Select Create a service object.
  5. Click the Service Type button and select the protocol for which you want to make an object.
  • For TCP, UDP, and TCP-UDP service types, enter a source port, destination port, or both:
    • The source port identifier allows you to match traffic originating from a particular numbered port. In the source port identifier, select an operator (equal to, range, less than, greater than, or not equal to) and provide the appropriate port number or range.
    • The destination port identifier allows you to match traffic arriving at a particular numbered port. In the destination port identifier, select an operator (equal to, range, less than, greater than, or not equal to) and provide the appropriate port number or range.
  • For Protocol service types, enter a protocol number from 0 to 255, or a well-known name, such as ip, tcp, udp, gre, and so forth.
  6. Click Add.

Examples

  • A service object that identifies incoming FTP traffic would be one with a TCP service type and a destination port range of 21.
  • A service object that identifies outgoing DNS and DNS over TCP traffic would be one with a TCP-UDP service type and a source port equal to 53.
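
The matching rules above, modeled as an added Python example (not part of the original page and not CDO or ASA code). It assumes inclusive ranges, 16-bit port bounds, and exact matching on numeric protocol values; the class names and the two sample objects are constructed to mirror the page's FTP and DNS examples.

```python
from dataclasses import dataclass
from typing import Optional
TCP, UDP = 6, 17  # IANA protocol numbers
TYPE_PROTOCOLS = {"tcp": {TCP}, "udp": {UDP}, "tcp-udp": {TCP, UDP}}
OPERATORS = {  # the five operators offered for a port identifier
    "equal to": lambda m, p: p == m.port,
    "not equal to": lambda m, p: p != m.port,
    "less than": lambda m, p: p < m.port,
    "greater than": lambda m, p: p > m.port,
    "range": lambda m, p: m.port <= p <= m.end,  # assumed inclusive
}

@dataclass(frozen=True)
class PortMatch:
    operator: str
    port: int
    end: Optional[int] = None  # upper bound, used only by "range"
    def __post_init__(self):
        bounds = [self.port] + ([self.end] if self.operator == "range" else [])
        if self.operator not in OPERATORS or None in bounds:
            raise ValueError("unknown operator or missing end of range")
        if not 0 <= bounds[0] <= bounds[-1] <= 65535:
            raise ValueError("ports must be 0-65535 and a range ascending")

    def matches(self, port: int) -> bool:
        return OPERATORS[self.operator](self, port)

@dataclass(frozen=True)
class ServiceObject:
    service_type: str                   # "tcp", "udp", "tcp-udp" or "protocol"
    protocol: Optional[int] = None      # numeric 0-255, "protocol" type only
    source: Optional[PortMatch] = None
    destination: Optional[PortMatch] = None
    def __post_init__(self):
        if self.service_type == "protocol":
            ports = self.source or self.destination
            if ports or self.protocol is None or not 0 <= self.protocol <= 255:
                raise ValueError("protocol type takes a number 0-255, no ports")
        elif self.service_type not in TYPE_PROTOCOLS:
            raise ValueError(f"unknown service type: {self.service_type}")

    def matches(self, proto: int, sport: int = 0, dport: int = 0) -> bool:
        protos = TYPE_PROTOCOLS.get(self.service_type, {self.protocol})
        pairs = ((self.source, sport), (self.destination, dport))
        return proto in protos and all(m is None or m.matches(p) for m, p in pairs)

# Constructed objects mirroring the page's two examples
FTP_IN = ServiceObject("tcp", destination=PortMatch("range", 21, 21))
DNS_SRC = ServiceObject("tcp-udp", source=PortMatch("equal to", 53))
```

`DNS_SRC.matches(UDP, 40000, 53)` is False: a source-port object does not match traffic that merely arrives at that port.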

Create an ASA Service Group

A service group can be made up of one or more service objects representing one or more protocols.

  1. Click the Objects tab to open the Objects page.
  2. Click Create Object > ASA > Service.   
  3. Enter an object name.
  4. Select Create a service group.
  5. Add an existing object by clicking Add Object, selecting an object, and clicking Select. Repeat this step to add more objects.
  6. If needed, add an extra individual service type value to the service group.
  • For TCP, UDP, and TCP-UDP service types, enter a source port, destination port, or both:
    • The source port identifier allows you to match traffic originating from a particular numbered port. In the source port identifier, select an operator (equal to, range, less than, greater than, or not equal to) and provide the appropriate port number or range.
    • The destination port identifier allows you to match traffic arriving at a particular numbered port. In the destination port identifier, select an operator (equal to, range, less than, greater than, or not equal to) and provide the appropriate port number or range.
  • For Protocol service types, enter a protocol number from 0 to 255, or a well-known name, such as ip, tcp, udp, gre, and so forth.
  7. To add more individual port values, click Add Another Value and repeat step 6.
  8. Click Add when you are done adding service objects and service values to the service group.

Edit an ASA Service Object or Service Group

  1. Click the Objects tab to open the Objects page.
  2. Filter the objects to find the object you want to edit and then select the object in the object table.
  3. In the details pane, click edit.
  4. Edit the values in the dialog box in the same fashion that you created them in the procedures above. 
  5. Click Save.
  6. CDO displays the policies that will be affected by the change. Click Confirm to finalize the change to the object and any policy affected by it.