Manualshelf

User guide

ManualsBrandsWatchguard ManualsComputer equipmentFirebox X1000
121122123124125126127128129130
Chapter 8: Configuring Filtered Services
108 WatchGuard Firebox System
“Multiservices” can contain subservices of more than one precedence
group. “Filtered-HTTP” and “Proxied-HTTP,” for example, contain both a
port-specific TCP subservice for port 80 as well as a nonport subservice
that covers all other TCP connections. When precedence is being
determined, individual subservices are given precedence according to
their group (described previously) independent of the other subservices
contained in the multiservice.
Precedence is determined by group first. As shown in the following
diagram, services from a higher precedence group always have higher
precedence than the services of a lower precedence group, regardless of
their individual settings. For example, because the “Any” service is in the
highest precedence group, all incidences of the “Any” service will take
precedence over the highest precedence Telnet service.
The precedences of services that are in the same precedence group are
ordered from the most specific services (based on source and destination
targets) to the least specific service. The method used to sort services is