Port
Port objects represent different protocols in slightly different ways:
- TCP and UDP
-
A port object represents the transport layer protocol, with the protocol number in parentheses, plus an optional associated port or port range. For example:
TCP(6)/22
. - ICMP and ICMPv6 (IPv6-ICMP)
-
A port object represents the Internet layer protocol plus an optional type and code. For example:
ICMP(1):3:3
.You can restrict an ICMP or IPV6-ICMP port object by type and, if applicable, code. For more information on ICMP types and codes, see:
- Other
-
A port object can represent other protocols that do not use ports.
The system provides default port objects for well-known ports. You cannot modify or delete these default objects. You can create custom port objects in addition to the default objects.
You can use port objects and groups in various places in the system’s web interface, including access control policies, identity rules, network discovery rules, port variables, and event searches. For example, if your organization uses a custom client that uses a specific range of ports and causes the system to generate excessive and misleading events, you can configure your network discovery policy to exclude monitoring those ports.
When using port objects, observe the following guidelines:
-
You cannot add any protocol other than TCP or UDP for source port conditions in access control rules. Also, you cannot mix transport protocols when setting both source and destination port conditions in a rule.
-
If you add an unsupported protocol to a port object group used in a source port condition, the rule where it is used does not take affect on the managed device when the configuration is deployed.
-
If you create a port object containing both TCP and UDP ports, then add it as a source port condition in a rule, you cannot add a destination port, and vice versa.