User guide
Configuring Firewall Settings
94 WatchGuard Firebox X Edge
8 Click Add.
Repeat the last three steps until you have a list of all the ports and
protocols that this service uses.
You can have more than one port and more than one protocol in a
custom service.
More ports and protocols make the service more dangerous. Restrict the
service to only the ports and protocols that are necessary.
Filtering traffic for incoming services
These steps restrict incoming traffic for a service to specified com-
puters behind the firewall. Refer to “About custom services for out-
going traffic” on page 97 for information on controlling outgoing
traffic.
1 From the Incoming Filter drop-down list, select Allow or Deny.
2 If you set the Incoming Filter to Allow, you must type in the IP
address of the service host. This is the computer that receives
the traffic.
3 To allow external computers to send incoming traffic to the
service host using this service, skip the subsequent instructions
and click Submit at the bottom of the page.
4 To put a limit on the number of computers that can send traffic
to the service host using this service, use the drop-down list to
select Host IP Address, Network IP Address, or Host Range.
Type Network IP addresses in “slash” notation (also known as Classless
Inter Domain Routing or CIDR notation). For more information on
entering IP addresses in slash notation, see this FAQ: http://
www.watchguard.com/support/advancedfaqs/general_slash.asp.
5 In the address text boxes, type the host or network IP address,
or type the range of IP addresses that identify the computers on
the external network that can use this service to send traffic to
the service host.
6 Click Add. The From box shows the host or network IP address
you typed.
Repeat the last three steps until all of the address information for this
custom service is set. The From box can have more than one entry.
7 If this service is only for incoming traffic, keep the outgoing
filter set to No Rule. If this service is for outgoing traffic, see
the next section, “Configuring Outgoing Services.”
8 Click Submit.