Cisco Defense Orchestrator

Create and Edit Firepower Service Objects

Create a Firepower Service Object

Firepower Threat Defense (FTD) service objects are reusable components that specify a TCP/IP protocol and a port. The Firepower Defense Manager and Firepower Management Center refer to these objects as "Port Objects."

  1. Click the Objects tab to open the Objects page.
  2. Click Create Object > FTD > Service.   
  3. Enter an object name and description.
  4. Select Create a service object.
  5. Click the Service Type button and select the protocol for which you want to create an object.
  6. Enter the information to identify the protocol by taking one of these actions:
     • Enter the specific port number for the TCP or UDP port.
     • Select the ICMP or ICMPv6 message type.
     • If you selected the "other" service type, select one of the TCP/IP protocols from the list.
  7. Click Add.
  8. Deploy the changes to the Firepower device.

Examples

  • A service object that identifies incoming FTP traffic would be one with a TCP service type and a destination port range of 20-21.
  • A service object that identifies incoming Telnet traffic would be one with a TCP service type and a destination port equal to 23.
  • A service object that identifies outgoing DNS and DNS over TCP traffic would be one with a tcp-udp service type and a source port equal to 53.
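
The matching behavior of the three examples above, modeled in Python as an added illustration (this is not CDO or FTD code; the class, function, and object names are hypothetical). It covers only port-based TCP/UDP objects, treats a service group as a tuple of objects, and shows that an object defined on source port 53 does not match a query sent to destination port 53.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Hypothetical model for illustration only; not a CDO or FTD API.
PROTOCOLS = {"tcp": {"tcp"}, "udp": {"udp"}, "tcp-udp": {"tcp", "udp"}}

def parse_ports(spec: Optional[str]) -> Optional[Tuple[int, int]]:
    """Parse '23' or '20-21' into an inclusive range; None means any port."""
    if spec is None:
        return None
    low, sep, high = spec.partition("-")
    lo = int(low)
    hi = int(high) if sep else lo
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"invalid port specification: {spec!r}")
    return lo, hi

@dataclass(frozen=True)
class ServiceObject:
    name: str
    service_type: str                 # "tcp", "udp" or "tcp-udp"
    src_ports: Optional[str] = None   # None = any source port
    dst_ports: Optional[str] = None   # None = any destination port

    def __post_init__(self):
        if self.service_type not in PROTOCOLS:
            raise ValueError(f"unknown service type: {self.service_type!r}")
        parse_ports(self.src_ports)   # reject bad ranges at creation time
        parse_ports(self.dst_ports)

    def matches(self, proto: str, src_port: int, dst_port: int) -> bool:
        if proto not in PROTOCOLS[self.service_type]:
            return False
        for spec, port in ((self.src_ports, src_port), (self.dst_ports, dst_port)):
            rng = parse_ports(spec)
            if rng is not None and not rng[0] <= port <= rng[1]:
                return False
        return True

def group_matches(members, proto: str, src_port: int, dst_port: int) -> List[str]:
    """Names of the group's member objects that match a packet header."""
    return [m.name for m in members if m.matches(proto, src_port, dst_port)]

# Constructed objects mirroring the three examples on this page.
FTP = ServiceObject("ftp-in", "tcp", dst_ports="20-21")
TELNET = ServiceObject("telnet-in", "tcp", dst_ports="23")
DNS = ServiceObject("dns-out", "tcp-udp", src_ports="53")
GROUP = (FTP, TELNET, DNS)
```
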

Create a Firepower Service Group

A service group can be made up of one or more service objects representing one or more protocols. The service objects need to be created before they can be added to the group. The Firepower Defense Manager and Firepower Management Center refer to these objects as "Port Objects."

  1. Click the Objects tab to open the Objects page.
  2. Click Create Object > FTD > Service.   
  3. Enter an object name and description.
  4. Select Create a service group.
  5. Add an existing object by clicking Add Object, selecting an object, and clicking Select. Repeat this step to add more objects.
  6. Click Add when you are done adding service objects and service values to the service group.
  7. Deploy the changes to the Firepower device.

Edit a Firepower Service Object or Service Group

  1. Click the Objects tab to open the Objects page.
  2. Filter the objects to find the object you want to edit and then select the object in the object table.
  3. In the details pane, click edit.
  4. Edit the values in the dialog box in the same fashion that you created them in the procedures above. 
  5. Click Save.
  6. CDO displays the policies that will be affected by the change. Click Confirm to finalize the change to the object and any policy affected by it.
  7. Deploy the changes to the Firepower device.