- 25 Sep 2023
FortiGate - Adding a Custom Service
- Updated on 25 Sep 2023
A service is an object that holds a definition of the ports and protocols that are required for a specific application to function on the network.
Common examples of services:
HTTP: TCP Port 80
HTTPS: TCP Port 443
SSH: TCP Port 22
Remote Desktop (RDP): TCP Port 3389
In FortiOS, the most common services are already defined for you to use out of the box, but most users will likely want to add additional services for use in firewall policies.
Create a Service
Navigate to:
1. "Policy & Objects"
2. "Services"
3. "+ Create New"
Name: Name the service.
Comments: Anything you think may be useful.
Color: You can set a custom colour for the service in the UI.
Category: You can set a category for the service. Default is 'Uncategorized'.
Protocol Options
Protocol Type: The options are "TCP/UDP/SCTP", "ICMP", "ICMP6", or "IP". For the vast majority of services, you'll just want to leave it on the default "TCP/UDP/SCTP".
Address: You can define an address range or FQDN here. Most of the time, however, you'll want to leave this at the default value of 0.0.0.0 and define the IP addresses on the firewall policy instead.
Destination Port: This is a list of TCP, UDP, or SCTP ports which define the service.
Specify Source Ports: You can toggle this on to define source ports. The vast majority of services won't need this enabled.
Click OK once you're done. You can now use this service in firewall policies.
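
The same fields can be set from the FortiOS CLI. The block below is an added example, not part of the original article: the service name, comment, color number and port values are constructed for illustration, and the category is assumed to already exist on the device.

```fortios
# Added example: CLI equivalent of the GUI fields described above.
# All names and values here are constructed placeholders.
config firewall service custom
    edit "Example-App"
        # Comments / Color / Category
        set comment "Example application, TCP 8443 and UDP 5000-5010"
        set color 6
        # Assumption: this category exists on the device.
        # Leaving it unset keeps the default, Uncategorized.
        set category "Web Access"
        # Protocol Type: left on the default
        set protocol TCP/UDP/SCTP
        # Address: left on the default so that addresses are
        # defined on the firewall policy instead
        set iprange 0.0.0.0
        # Destination Port: list only the ports the application needs
        set tcp-portrange 8443
        set udp-portrange 5000-5010
    next
    edit "Example-App-SrcPort"
        set comment "Same TCP port, with source ports specified"
        # Specify Source Ports: <destination>:<source>
        set tcp-portrange 8443:1024-65535
    next
end

# Review the resulting objects
show firewall service custom "Example-App"
show firewall service custom "Example-App-SrcPort"
```

Keeping the destination port list as narrow as the application allows means any firewall policy that references the service permits only those ports.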