APG Customization XML Syntax
Service Group Syntax
In the service group section of the XML file, you can define multiple service groups. Each service group must have a name and a list of members. You can define group members by:
- A single protocol or multiple protocols separated by commas
- A single port or a range of ports
To use service groups, define your service groups in the XML:
| Description | Example |
|---|---|
| | <service_groups> |
| Give the group a name | <group> <group_name>Web_services</group_name> <members> |
| Define members by protocol and port | <member> <port>443</port> <protocol>6</protocol> </member> |
| Define members by port range and multiple protocols | <member> <port>80-81</port> <protocol>6,17</protocol> </member> |
| | </members> </group> </service_groups> |
Predefined Rules Syntax
In the predefined rules section of the XML file, you can define multiple predefined rules. Each predefined rule must have a name, source, destination and service.
You can define the source or destination as:
- A single subnet:
  <subnet>88.34.90.43/32</subnet><negate>0</negate>
- Multiple subnets:
  <subnet>88.34.90.43/32</subnet><subnet>88.7.90.43/32</subnet><negate>0</negate>
- Any:
  <subnet>0.0.0.0/0</subnet><negate>0</negate>
- Any subnet excluding the specified subnet or subnets:
  <subnet>88.34.90.43/32</subnet><negate>1</negate>
You can define the service as:
- A specific port/protocol:
  <port>8/1</port>
- Multiple services that are defined by a service group:
  <group_name>Web_services</group_name>
- Any:
  <port>Any</port>
To use predefined rules, list the predefined rules in the XML file according to the syntax below:
| Description | XML Format |
|---|---|
| | <predefined_rules> <rule> |
| Define subnet by IP address with CIDR subnet mask. Use negate to define the rule as any subnets not included in the specified subnet | <source> <subnet>128.171.88.3/32</subnet> <negate>0</negate> </source> |
| Define multiple subnets separated by commas | <destination> <subnet>128.171.88.246/24, 88.34.93.3</subnet> <negate>0</negate> </destination> |
| Use a defined service group as a service | <service> <group_name>Web_services</group_name> </service> |
| Define the name of the rule | <rule_name>Web accessSource</rule_name> |
| | </rule> </predefined_rules> |
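A pre-load check for the two sections above, as an added example that is not part of the product or its documentation: it verifies that each rule has a name, source, destination and service, that subnets and negate values parse, and that every service group a rule references is actually defined. The names `validate`, `_ints` and `SAMPLE`, the `<root>` wrapper and the sample content are constructed for illustration; the port (0-65535) and protocol (0-255) bounds are the standard IP ranges, not limits stated on this page.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample in the page's syntax; the rule holds three deliberate mistakes.
SAMPLE = """
<service_groups><group><group_name>Web_services</group_name><members>
  <member><port>443</port><protocol>6</protocol></member>
  <member><port>80-81</port><protocol>6,17</protocol></member>
</members></group></service_groups><predefined_rules><rule>
  <source><subnet>128.171.88.3/32</subnet><negate>0</negate></source>
  <destination><subnet>128.171.88.246/24, 88.34.93.300</subnet><negate>2</negate></destination>
  <service><group_name>Web_service</group_name></service>
  <rule_name>Web access</rule_name>
</rule></predefined_rules>"""

def _ints(text, sep, top):
    """Split text on sep; return the ints if every part is in 0..top, else None."""
    parts = [p.strip() for p in (text or "").split(sep)]
    return [int(p) for p in parts] if all(p.isdecimal() and int(p) <= top for p in parts) else None

def validate(fragment):
    """Return a list of problems found in the two sections."""
    root = ET.fromstring("<root>" + fragment + "</root>")  # wrapper is ours, not product syntax
    problems, groups = [], set()
    for g in root.iterfind("service_groups/group"):
        name = (g.findtext("group_name") or "").strip()
        groups.add(name)
        for m in g.findall("members/member"):
            ports = _ints(m.findtext("port"), "-", 65535)
            if ports is None or len(ports) > 2 or ports != sorted(ports):
                problems.append(f"group {name!r}: bad port {m.findtext('port')!r}")
            if _ints(m.findtext("protocol"), ",", 255) is None:
                problems.append(f"group {name!r}: bad protocol {m.findtext('protocol')!r}")
    for r in root.iterfind("predefined_rules/rule"):
        name = (r.findtext("rule_name") or "").strip()
        for tag in ("rule_name", "source", "destination", "service"):
            if r.find(tag) is None:
                problems.append(f"rule {name!r}: missing <{tag}>")
        for side in r.findall("source") + r.findall("destination"):
            if (side.findtext("negate") or "").strip() not in ("0", "1"):
                problems.append(f"rule {name!r}: {side.tag} negate must be 0 or 1")
            for s in ",".join(t.text or "" for t in side.findall("subnet")).split(","):
                try:
                    ipaddress.ip_network(s.strip(), strict=False)
                except ValueError:
                    problems.append(f"rule {name!r}: bad {side.tag} subnet {s.strip()!r}")
        ref = (r.findtext("service/group_name") or "").strip()
        if ref and ref not in groups:
            problems.append(f"rule {name!r}: unknown service group {ref!r}")
    return problems
```

Subnets are parsed with `strict=False` because the page's own example (`128.171.88.246/24`) carries host bits; the `<port>8/1</port>` and `<port>Any</port>` service forms are accepted without further checks.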