6.4.3. Procedure – Creating a new DenyService

To create a new DenyService that prohibits access to certain services, complete the following steps.

  1. Navigate to the Services tab of the Application-level Gateway MC component and click New.

    Figure 6.18. Creating a new service

  2. Enter a name for the service in the dialog that opens. Use clear, informative, and consistent service names. It is recommended to include the following information in the service name:

    • Source zones, indicating which clients may use the service (for example, intranet).

    • The protocol permitted in the traffic (for example, HTTP).

    • Destination zones, indicating which servers may be accessed using the service (for example, Internet).

    Tip

    For example, a service that allows internal users to browse the Web could be named intra_HTTP_internet. Use dots to indicate child zones, for example, intra.marketing_HTTP_inter.

  3. Click in the Class field and select DenyService.

  4. To specify how Application-level Gateway rejects the traffic matching a DenyService, use the Deny IPv4 with and Deny IPv6 with options. By default, Application-level Gateway simply drops the traffic without notifying the client.

    Figure 6.19. Configuring a DenyService

  5. Commit your changes.
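The naming convention recommended in step 2 can be checked mechanically when reviewing a list of service names. The following is an added example, not part of the product or its documentation: the token patterns, the function names, and the sample zones and names are assumptions constructed for illustration.

```python
import re
from typing import NamedTuple

class ServiceName(NamedTuple):
    source: str       # source zone, e.g. intra or intra.marketing
    protocol: str     # protocol in the traffic, e.g. HTTP
    destination: str  # destination zone, e.g. internet

# Assumed token shapes (the guide only shows examples): zones are lowercase
# labels joined by dots for child zones; the protocol is an uppercase token.
ZONE_RE = re.compile(r"[a-z][a-z0-9]*(?:\.[a-z][a-z0-9]*)*")
PROTO_RE = re.compile(r"[A-Z][A-Z0-9]*")

def parse_service_name(name):
    """Split <source>_<PROTOCOL>_<destination>; raise ValueError if malformed."""
    parts = name.split("_")
    if len(parts) != 3:
        raise ValueError("expected <source>_<PROTOCOL>_<destination>")
    source, protocol, destination = parts
    for zone in (source, destination):
        if not ZONE_RE.fullmatch(zone):
            raise ValueError("bad zone token: %r" % zone)
    if not PROTO_RE.fullmatch(protocol):
        raise ValueError("bad protocol token: %r" % protocol)
    return ServiceName(source, protocol, destination)

def audit(names, known_zones):
    """Return {name: problem} for each name that breaks the convention."""
    problems = {}
    for name in names:
        try:
            svc = parse_service_name(name)
        except ValueError as exc:
            problems[name] = str(exc)
            continue
        unknown = [z for z in (svc.source, svc.destination) if z not in known_zones]
        if unknown:
            problems[name] = "unknown zone(s): " + ", ".join(unknown)
    return problems

# Constructed sample data, not taken from a real configuration.
KNOWN_ZONES = {"intra", "intra.marketing", "internet"}
SAMPLE_NAMES = ["intra_HTTP_internet", "intra.marketing_HTTP_internet",
                "deny-all", "intra_http_internet", "dmz_SSH_internet"]

if __name__ == "__main__":
    for name, problem in audit(SAMPLE_NAMES, KNOWN_ZONES).items():
        print(name + ": " + problem)
```

Names that parse cleanly but reference a zone missing from the known set are reported separately from malformed names, which helps spot services that point at zones that were renamed or removed.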