Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
393
Views
0
Helpful
2
Replies

Object-groups tcp and udp using different ports numbers.

m-rosebury
Level 1
Level 1

‎12-19-2003 05:09 AM - edited ‎03-09-2019 05:56 AM

Does anyone know if it is possible to use Object-groups with tcp and udp in the same group but using different port numbers?

The service tcp-udp is useful for something like DNS where the tcp and udp ports are the same but not for other combinations such as syslog where different port numbers are used.

Using a nested group-object also fails if adding both tcp and udp group together in a tcp-udp higher level group. The error message is;

"Adding obj to object-group (syslogtcpudp) failed; obj and group type inconsistent"

Thanks

Matt

Labels:
0 Helpful
2 Replies 2

gfullage
Cisco Employee
Cisco Employee

‎12-21-2003 05:34 PM

For something like syslog you have to use two separate object groups and two separate access-list lines.

Within a TCP-UDP OG, you can specify both port numbers, (let's say 512 and 333), but you'll end up letting in TCP and UDP packets on port 512 and 333, which will work, but is not exactly what you want.

0 Helpful

m-rosebury
Level 1
Level 1
In response to gfullage

‎12-22-2003 01:57 AM

Obviously it can be done with two object groups and two access-list entries but the question was, can it be done with one. I guess the answer is NO unless someone else knows better.

0 Helpful
Customers Also Viewed These Support Documents