Creating a Service List
Create a list of services you can use to build rules in a Network Firewall policy.
Create service lists to allow or deny traffic to a group of services. A service is identified by a signature based on the ports it uses. Layer 4 inspection is used to identify matching services. You can create a maximum of 2,000 service lists in a policy. A service list can contain a maximum of 200 services. See Creating Network Firewall Policy Components for more information.
You can create service lists one at a time using the following instructions, or you can import many at once using a .json
file. See Bulk Importing Network Firewall Policy Components more information.
Some names are reserved by Palo Alto Networks®. If you create a policy component with a reserved name, the process fails with an error. See Reserved Names.
- Click on a policy in the list.
- In Policy resources, click on Service lists.
- Click Create service list.
- Enter a friendly name for the service list. Avoid entering confidential information.
- (Optional) If you haven't created any services to use in the list, click Create service. Follow the instructions in Creating a Service to create some services to use in the list.
- In the Available services list, select the services you want to include in the service list. Click Add to selected.
- (Optional) In the Selected services list, select any services you want to remove from the service list. Click Remove from selected.
- When you've included all the desired services in the Selected services list, click Create service list.
Use the network-firewall service-list create command and required parameters to create a service:
oci network-firewall service-list create --network-firewall-policy-id network firewall policy OCID --compartment-id compartment OCID --total-services integer--services '["service_1", "service_2"]'[OPTIONS]
For a complete list of parameters and values for CLI commands, see the CLI Command Reference.
Run the CreateServiceList operation to create a service list.