This section describes how to use the CLI to configure a service object and service group.
You can specify a protocol type, source port number, and destination port number to identify a service object. You can create one or more services for a service object.
ip service-set service-set-name type object [ service-set-id ] [ vpn-instance vpn-instance-name ]
service-set-name cannot be set to any or all.
You need to set type when creating a service object. You do not need to set type after accessing the service object view.
Specify protocol types by TCP/UDP port numbers.
service [ id ] protocol protocol [ source-port { src-port-number-1 [ to src-port-number-2 ] } &<1-64> | destination-port { dst-port-number-1 [ to dst-port-number-2 ] } &<1-64> ] * [ description description ]
Specify the ICMP message type or code.
service [ id ] protocol protocol [ icmp-type { icmp-type-name | icmp-type-number icmp-code } ] [ description description ]
Specify the ICMPv6 message type or code.
service [ id ] protocol protocol [ icmpv6-type { icmpv6-type-name | icmpv6-type-number icmpv6-code } ] [ description description ]
Specify the protocol type by the protocol field value in IP packet headers.
service [ id ] protocol protocol [ description description ]
description description
Appropriate descriptions make service objects easier to manage.
By default, the accelerated service set matching function is enabled, except for the USG6510E/6510E-POE/6530E.
If accelerated service or service set matching is not enabled, a policy that references a service or service set matches services one by one. When a large number of services are configured, matching slows down and processing performance is affected. To solve this problem, you can run this command to enable accelerated service or service set matching. After the function is enabled, the FW generates indexes for services and uses the acceleration algorithm to match them. This speeds up service matching, and the matching speed does not decrease as the number of services grows, which improves processing performance.
You can add predefined and user-defined service objects to a service group, which facilitates security policy management and configuration.
ip service-set service-set-name type group [ service-set-id ] [ vpn-instance vpn-instance-name ]
service-set-name cannot be set to any or all.
You need to set type when creating a service group. You do not need to set type after accessing the service group view.
service [ id ] service-set service-set-name [ description description ]
description description
Appropriate descriptions make service groups easier to manage.
By default, the accelerated service set matching function is enabled, except for the USG6510E/6510E-POE/6530E.
If accelerated service or service set matching is not enabled, a policy that references a service or service set matches services one by one. When a large number of services are configured, matching slows down and processing performance is affected. To solve this problem, you can run this command to enable accelerated service or service set matching. After the function is enabled, the FW generates indexes for services and uses the acceleration algorithm to match them. This speeds up service matching, and the matching speed does not decrease as the number of services grows, which improves processing performance.
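A configuration sequence that follows the service object and service group procedures above, as an added example that is not taken from the product documentation. The object and group names, port numbers and descriptions are constructed; `system-view` and `quit` are the standard commands for entering the system view and leaving the current view.

```text
# Constructed example: object names, group name and ports are hypothetical.
# Lines starting with "#" are annotations, not commands to type.
system-view

# Service object with two TCP services. The source port is left fully open
# and the destination is pinned to one port and one short range, so a policy
# that references the object permits only these listener ports.
ip service-set app_web type object
 service 0 protocol tcp source-port 0 to 65535 destination-port 8080
 service 1 protocol tcp source-port 0 to 65535 destination-port 8443 to 8445
 description internal-web-app-ports
 quit

# Service object that matches only ICMP echo request (type 8, code 0)
# using the numeric icmp-type-number icmp-code form.
ip service-set ping_only type object
 service 0 protocol icmp icmp-type 8 0
 description icmp-echo-request-only
 quit

# Service group that bundles the two user-defined objects so a security
# policy can reference a single name.
ip service-set grp_internal type group
 service 0 service-set app_web
 service 1 service-set ping_only
 description services-for-internal-web-tier
 quit
```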