8.5. Service Groups

A Service Group is an object that consists of a collection of services. Although the group concept is simple, it can be very useful when constructing security policies since the group can be used instead of an individual service.

The Advantage of Groups

For example, there may be a need for a set of IP rules that are identical to each other except for the service property. By defining a service group which contains all the service objects from all the individual rules, we can replace all of them with just one IP rule that uses the group.

Suppose that we create a service group called email-services which combines the three service objects for SMTP, POP3 and IMAP. Now only one IP rule needs to be defined, using this service group, to allow all email-related traffic to flow.

Groups Can Contain Other Groups

When a group is defined, it can contain individual services, other service groups, or both. This ability to have groups within groups should be used with caution since it can increase the complexity of a configuration and make problems harder to troubleshoot. However, the feature allows the easy construction of large and complex sets of service definitions.
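
The following Python sketch is an added example, not part of the original documentation and not the product's configuration syntax. It resolves a nested service group to the services an IP rule using it would actually allow, reports the nesting depth, lists which groups are affected by a change to one service, and rejects circular references. The dictionary model, the function names and every group name other than email-services are assumptions made for illustration.

```python
# Constructed model of service objects and service groups (illustration only).
SERVICES = {
    "smtp": ("tcp", 25), "pop3": ("tcp", 110), "imap": ("tcp", 143),
    "http": ("tcp", 80), "https": ("tcp", 443),
}
GROUPS = {
    "email-services": ["smtp", "pop3", "imap"],
    "web-services": ["http", "https"],                        # hypothetical group
    "office-services": ["email-services", "web-services"],    # group of groups
}

def expand(name, groups=GROUPS, path=()):
    """Return (leaf service names, nesting depth) for a service or group name."""
    if name in path:
        # A group that reaches itself through nesting can never be resolved.
        raise ValueError("circular reference: " + " -> ".join(path + (name,)))
    if name in SERVICES:
        return {name}, 0
    if name not in groups:
        raise KeyError(f"unknown service or group: {name}")
    leaves, depth = set(), 0
    for member in groups[name]:
        sub_leaves, sub_depth = expand(member, groups, path + (name,))
        leaves |= sub_leaves
        depth = max(depth, sub_depth)
    return leaves, depth + 1

def groups_using(service, groups=GROUPS):
    """Groups (and so rules) whose allowed traffic changes if `service` changes."""
    return sorted(g for g in groups if service in expand(g, groups)[0])

if __name__ == "__main__":
    for group in GROUPS:
        leaves, depth = expand(group)
        ports = sorted(SERVICES[s] for s in leaves)
        print(f"{group}: depth={depth} allows={ports}")
    print("smtp is reachable through:", groups_using("smtp"))
```

Running an expansion like this before editing a nested group shows every rule whose allowed traffic would widen as a side effect.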