Cloud & Branch Connector
About Network Services
Zscaler firewall has over 50 predefined services and an admin can configure up to 1,024 additional custom services. You can add, modify, or delete ports in all predefined services except ICMP_any, UDP_any, TCP_any, and OTHER. To learn more, see Configuring Network Services.
- View a list of predefined services.Close
Name TCP Destination Ports UDP Destination Ports Description AIM 5190 - AOL Instant Messenger (AIM) is an instant messaging application. The protocol name is Open System for Communication in Realtime and is used in both ICQ and AIM services. DHCP 67-68 67-68 The DHCP protocol is used to automatically configure the network parameters of a station. DNS 53 53 The DNS protocol is used to translate internet names (www.site.com) into IP addresses and vice versa. Echo 7 7 Echo Protocol is a service in the Internet Protocol suite defined in RFC 862. It was originally proposed for testing and measurement of round-trip times in IP networks. ESP - - Encapsulating Security Payload (ESP) is a protocol within IPsec that provides data confidentiality and authentication for the payload in network packets. FTP 21 - The FTP protocol is used for reliable data transfer between a client and a server. FTPS_Implicit 990 990 Implicit FTPS automatically starts an SSL/TLS connection to server as soon as the FTP client connects to an FTP server. Gnutella 6346-6347 6346-6347 Gnutella is a peer-to-peer protocol. GRE - - Generic Routing Encapsulation (GRE) is a tunneling protocol that sets up direct point-to-point links by encapsulating data packets of one protocol inside the packets of another protocol. H.323 1503, 1720, 1731, 389, 522 1719 H.323 is a standard approved by the International Telecommunication Union that defines how audiovisual conferencing data is transmitted across networks. HTTP 80 - HTTP is used for browsing the web. HTTP Proxy 3128, 8080 - HTTP tunneling is a technique by which communications performed using various network protocols are encapsulated using the HTTP protocol, the network protocols in question usually belonging to the TCP/IP family of protocols. HTTPS 443 - HTTPS is the secure version of HTTP. ICMP - - ICMP is one of the main protocols of the Internet Protocol suite, which is used by network devices like routers to send error messages indicating that a requested service is not available or that a host or router could not be reached. ICMP can also be used to relay query messages. Ident 113 - Identification Protocol (Ident Protocol) provides a means to determine the identity of a user of a specific TCP connection. IKE 500 500 Internet Key Exchange (IKE) is a protocol to obtain authenticated keying material for use with Internet Security Association and Key Management Protocol for IPSec. IKE-NAT - 4500 IKE-NAT allows network address translation for Encapsulating Security Payload and Internet Security Association and Key Management Protocol packets. ILS 1002, 389, 522, 636 - Internet Locator Service (ILS) includes Lightweight Directory Access Protocol (LDAP), User Locator Service, and LDAP over SSL/TLS. IMAP 143, 220, 993 220 Internet Message Access Protocol (IMAP) is a protocol used for retrieving email messages. IRC 6660-6669 - Internet Relay Chat (IRC) is an instant messaging protocol. Kerberos 88 88 Kerberos is a computer network authentication protocol which works on the basis of 'tickets' to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. L2TP - 1701 Layer Two Tunneling Protocol (L2TP) is an extension of the Point-to-Point Tunneling Protocol used by an Internet service provider to enable the operation of a virtual private network over the internet. LDAP 389 - Lightweight Directory Access Protocol (LDAP) is a protocol used for accessing directory services. Windows environments use this protocol to send queries to Active Directory. MGCP Call Agent - 2727 This network service represents the Media Gateway Control Protocol (MGCP) call agent service. MGCP User Agent - 2427 This network service represents the Media Gateway Control Protocol (MGCP) user agent service. MSNP 1863 - Microsoft Notification Protocol (MSNP) allows the exchange of instant messages. The MSN protocol is used by the Microsoft software Microsoft Messenger. MS_SQL 1433 Protocol for the Microsoft SQL relational database management system. NetBIOS 137, 139 137-138 This network service represents the Network Basic Input/Output System (NetBIOS) name/datagram/session service. NetMeeting 1503, 1720, 1731, 389, 522 1719 Microsoft NetMeeting allows users to teleconference using the internet as the transmission medium. NFS 111, 2049 111, 2049 The Network File System (NFS) protocol provides transparent remote access to shared file systems across networks as described in RFC 1813. Nmap 678 678 Network Mapper (Nmap) is a security scanner used to discover hosts and services on a computer network, thus creating a 'map' of the network. NTP - 123 Network Time Protocol (NTP) is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks. OpenVPN - 1194 OpenVPN is an open source software application that implements virtual private network techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. pcAnywhere 5631 22, 5632 The pcAnywhere software is used for remote control and file transfer. POP3 109, 110, 995 - Post Office Protocol version 3 (POP3) is a protocol used for retrieving email. PPTP 1723 - Point-to-Point Tunneling Protocol (PPTP) allows the Point to Point Protocol to be tunnelled through an IP network. QUIC - 443 Quick UDP Internet Connections (QUIC) is a transport protocol for the internet, developed by Google. RADIUS - 1812-1813 Remote Authentication Dial-In User Service (RADIUS) is a client/server protocol that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service. RealMedia 7070 - RealMedia is a streaming video and audio technology. Rsync 873 873 The rsync program is used for file synchronization and file transfer on Unix-like systems. This program minimizes network data transfer by using a form of delta encoding called the rsync algorithm. RTSP 554 554 The Real Time Streaming Protocol (RTSP) is an application-level protocol for control over the delivery of data with real-time properties. RTSP provides an extensible framework to enable controlled, on-demand delivery of real-time data, such as audio and video. SCCP 2000 - Skinny Client Control Protocol (SCCP) is a Cisco proprietary protocol used between Cisco Unified Communications Manager and Cisco Voice over IP (VoIP) phones. It is also supported by some other vendors. SIP 5060 5060 Session Initiation Protocol (SIP) is the Internet Engineering Task Force's standard for multimedia conferencing over IP. Like other Voice over IP (VoIP) protocols, SIP is designed to address the functions of signaling and session management within a packet telephony network. SMB 445 - The Server Message Block Protocol (SMB/SMB2) provides a method for client applications to read and write to files and to request services from server programs in a computer network. SMTP 25 - Simple Mail Transfer Protocol (SMTP) is used for sending email messages between servers. SNMP 161-162 161-162 This network service represents Simple Network Management Protocol (SNMP) applications (also called SNMP managers) and SNMP agents. SNMP Trap 154 154 SNMP traps enable an agent to notify the management station of significant events by way of an unsolicited SNMP message. SSH 22 - Secure Shell (SSH), sometimes known as Secure Socket Shell, is a UNIX-based command interface and a protocol for obtaining secure access to a remote computer. Syslog - 514 Syslog protocol is used for the transmission of event notification messages across networks between a client and a server. TACACS 49 49 Terminal Access Controller Access-Control System (TACACS) refers to a family of related protocols handling remote authentication and related services for network access control through a centralized server. TCP - - TCP is one of the core protocols of the Internet Protocol suite, and is so common that the entire suite is often called TCP/IP. TDS 1433 - Tabular Data Stream (TDS) is a protocol for the Microsoft SQL relational database management system. Telnet 23 - Telnet provides a fairly general, bidirectional, 8-bit byte-oriented communications facility. Its primary aim is to provide a standard method of interfacing between terminal devices and terminal-oriented processes. TFTP 69 69 Trivial File Transfer Protocol (TFTP) is a file transfer protocol notable for its simplicity. Traceroute - 33400-34000 Traceroute is a utility to indicate the path to access a specific host. UDP - - User Datagram Protocol (UDP) is one of the core members of the Internet Protocol suite. VDOLive 7000-7010 - VDOLive is a scalable, video streaming technology. VNC 5800, 5900 - Virtual Network Computing (VNC) facilitates remote control of computers over a network by using the Remote Frame Buffer protocol. WHOIS 43 - WHOIS is a network directory service protocol. Yahoo Messenger 5050 - Yahoo Messenger is used by the Yahoo Instant Messenger application to send instant messages, files, and emails between users. Zscaler Proxy Network Services 10099, 21, 443, 80, 8080, 8800, 9400, 9443, 9480 - This network service includes all Zscaler-specific web proxy ports including customer-specific Dedicated Proxy Ports.
Network services configured in Zscaler are identified at the first packet, leading to immediate policy action. In contrast, multiple packets are typically required by deep packet inspection to identify network applications before a policy action can take place. Therefore, Zscaler recommends that you rank firewall filtering rules for network services higher than rules for network applications to prevent packets from being allowed unnecessarily from traffic that would have been otherwise blocked by rules using first-packet identification.
You can also define network service groups. To learn more, see About Network Service Groups.
Network Services provide the following benefits and enable you to:
- Create policies based on TCP and UDP source and destination ports.
- Update predefined network services for your purposes.
- Use the same network services in forwarding & security policies.
About the Network Services Page
On the Network Services page (Administration > Network Services), you can do the following:
- Add a network service.
- View a list of all network services. For each service, you can view:
- Name: The name of the application service layer you are controlling.
- TCP Source Ports: The TCP source port number or port number range, if any, that is used by the network service.
- TCP Destination Ports: The TCP destination port number or port number range, if any, that is used by the network service.
- UDP Source Ports: The UDP source port number or port number range, if any, that is used by the network service.
- UDP Destination Ports: The UDP destination port number or port number range, if any, that is used by the network service.
- Description: For predefined services, a brief description of what the service is. For services you have added, any additional notes you included.
- Edit a network service.
- View a network service.
- Modify the table and its columns.
- Search for a network service.
- Filter the network services by protocol (TCP or UDP).
- Go to the Network Service Groups page.