6.4.3. Procedure – Creating a new DenyService

To create a new DenyService that prohibits access to certain services, complete the following steps.

  1. Navigate to the Services tab of the PNS MC component and click New.

    Creating a new DenyService

    Figure 6.25. Creating a new DenyService

  2. Enter a name for the service into the opening dialog. Use clear, informative, and consistent service names. It is recommended to include the following information in the service name:

    • source zones, indicating which clients may use the service (for example, intranet)

    • the protocol permitted in the traffic (for example, HTTP)

    • destination zones, indicating which servers may be accessed using the service (for example, Internet)

    Tip

    Name the service that allows internal users to browse the Web intra_HTTP_internet. Use dots to indicate child zones, for example, intra.marketing_HTTP_inter.

  3. Click in the Class field and select DenyService.

  4. To specify how Application-level Gateway rejects the traffic matching a DenyService, use the Deny IPv4 with and Deny IPv6 with options. By default, Application-level Gateway simply drops the traffic without notifying the client.

  5. Commit your changes.