Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Custom IPS and Application Control Signature Syntax Guide

    Home IPS Engine 6.2.0 Custom IPS and Application Control Signature Syntax Guide
    6.2.0
    7.6.0
    7.4.0
    7.2.0
    7.1.0
    7.0.0
    6.4.0
    6.2.0
    5.2.0
    3.6.0

    service

    service

    Use the service keyword to specify the session type associated with a packet. In order for this keyword to work, the session that is being identified should be supported by a suitable dissector. To see a list of services currently supported by the IPS engine dissectors, refer to the table, Supported service types. You can use the service keyword once in a signature.

    Syntax:
    --service <service_name>;
    Examples:
    --service HTTP;
    --service DNS;

    Supported service types

    Session Type

    Criterion

    Service Option

    Back_office (bo, bo2k)

    TCP/UDP, any port

    service BO

    COTP

    TCP, 102

    service COTP

    DCE RPC

    TCP/UDP, any port

    service DCERPC

    DHCP

    UDP, any port

    service DHCP

    DNP3

    TCP, any port

    service DNP3

    DNS

    TCP/UDP, 53

    service DNS

    FTP

    TCP, any port

    service FTP

    H323

    TCP, 1720

    service H323

    HTTP

    TCP, any port

    service HTTP

    IEC104

    TCP, 2024

    service IEC104

    IM (yahoo, msn, aim, qq)

    TCP/UDP, any port

    service IM

    IMAP

    TCP, any port

    service IMAP

    LDAP

    TCP, 389

    service LDAP

    MODBUS

    TCP, 502

    service MODBUS

    MSSQL

    TCP, 1433

    service MSSQL

    NBSS

    TCP, 139, 445

    service NBSS

    NNTP

    TCP, any port

    service NNTP

    P2P (skype, BT, eDonkey, kazaz, gnutella, dc++)

    TCP/UDP, any port

    service P2P

    POP3

    TCP, any port

    service POP3

    RADIUS

    UDP, 1812, 1813

    service RADIUS

    RDT

    TCP, any port, by RTSP

    service RDT

    RTCP

    TCP, any port, by RTSP

    service RTCP

    RTP

    TCP, any port, by RTSP

    service RTP

    RTSP

    TCP, any port

    service RTSP

    SCCP (skinny)

    TCP, 2000

    service SCCP

    SIP

    TCP/UDP any port

    service SIP

    SMTP

    TCP, any port

    service SMTP

    SNMP

    UDP, 161, 162

    service SNMP

    SSH

    TCP, any port

    service SSH

    SSL

    TCP, any port

    service SSL

    SUN RPC

    TCP/UDP, 111, 32771

    service RPC

    TELNET

    TCP, 23

    service TELNET

    TFN

    ICMP, any port

    service TFN

    TFTP

    UDP, any port

    service TFTP

    WebSocket

    TCP, any port

    service websocket
    Previous
    Next

    service

    service

    Use the service keyword to specify the session type associated with a packet. In order for this keyword to work, the session that is being identified should be supported by a suitable dissector. To see a list of services currently supported by the IPS engine dissectors, refer to the table, Supported service types. You can use the service keyword once in a signature.

    Syntax:
    --service <service_name>;
    Examples:
    --service HTTP;
    --service DNS;

    Supported service types

    Session Type

    Criterion

    Service Option

    Back_office (bo, bo2k)

    TCP/UDP, any port

    service BO

    COTP

    TCP, 102

    service COTP

    DCE RPC

    TCP/UDP, any port

    service DCERPC

    DHCP

    UDP, any port

    service DHCP

    DNP3

    TCP, any port

    service DNP3

    DNS

    TCP/UDP, 53

    service DNS

    FTP

    TCP, any port

    service FTP

    H323

    TCP, 1720

    service H323

    HTTP

    TCP, any port

    service HTTP

    IEC104

    TCP, 2024

    service IEC104

    IM (yahoo, msn, aim, qq)

    TCP/UDP, any port

    service IM

    IMAP

    TCP, any port

    service IMAP

    LDAP

    TCP, 389

    service LDAP

    MODBUS

    TCP, 502

    service MODBUS

    MSSQL

    TCP, 1433

    service MSSQL

    NBSS

    TCP, 139, 445

    service NBSS

    NNTP

    TCP, any port

    service NNTP

    P2P (skype, BT, eDonkey, kazaz, gnutella, dc++)

    TCP/UDP, any port

    service P2P

    POP3

    TCP, any port

    service POP3

    RADIUS

    UDP, 1812, 1813

    service RADIUS

    RDT

    TCP, any port, by RTSP

    service RDT

    RTCP

    TCP, any port, by RTSP

    service RTCP

    RTP

    TCP, any port, by RTSP

    service RTP

    RTSP

    TCP, any port

    service RTSP

    SCCP (skinny)

    TCP, 2000

    service SCCP

    SIP

    TCP/UDP any port

    service SIP

    SMTP

    TCP, any port

    service SMTP

    SNMP

    UDP, 161, 162

    service SNMP

    SSH

    TCP, any port

    service SSH

    SSL

    TCP, any port

    service SSL

    SUN RPC

    TCP/UDP, 111, 32771

    service RPC

    TELNET

    TCP, 23

    service TELNET

    TFN

    ICMP, any port

    service TFN

    TFTP

    UDP, any port

    service TFTP

    WebSocket

    TCP, any port

    service websocket
    Previous
    Next