On This Page
Security, Risk, and Compliance
Object IDs in USP Rule Exceptions
Network objects, such as groups, and network groups as source/destination, will now appear on the USP Exceptions page. This must be done using the REST or GraphQL API and cannot be done in the UI. When the exception is processed, the object members will be determined dynamically.
ICMP both Service and Application (PHF1.0.0 and later)
Starting from R23-1 PHF1.0.0, you can use ICMP as both a service and an application when creating or editing the security policy of a USP zone. To differentiate:
-
ICMP = application
-
icmp-proto = service
This is also true when defining a specific service. For example: icmp-proto 8.
