johnlloyd_13
Explorer III
March 12, 2025
Solved

Create a Service with all TCP/UDP Ports Vs Service Group


Hi,

I'm trying to build a new FW policy and wondered if I should just build a single custom service object with all the required ports added, i.e. TCP 80, TCP 443, TCP 8080, or create a service group and add the individual service objects.

1. Would there be a difference if I used a single service object vs a service group in the FW policy?

2. What's the recommended or considered "best practice" in FGT FW policy?

3. What are the pros and cons between the two approaches?

 

2 replies

AEK
SuperUser
Answer
March 12, 2025

Hi John

Technically both give the same result.

But for good "convention", good logic and good management you had better use a service group, because there is actually no service that uses those three ports.

Adding multiple ports to one service can be for cases like DNS, where you can add 53 TCP and 53 UDP in the same service.

Hope it helps.

AEK
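The two approaches discussed in the answer above, written out as FortiOS CLI. This is an added example, not part of the original posts; the object names `WEB-PORTS-ALL`, `HTTP-ALT-8080`, `DNS-53` and `WEB-ACCESS` are constructed for illustration, while `HTTP` and `HTTPS` are assumed to be the predefined FortiGate service objects.

```fortios
# Option A: one custom service object carrying all three unrelated ports.
# Matches the same traffic, but the object name says nothing about which
# application each port belongs to.
config firewall service custom
    edit "WEB-PORTS-ALL"
        set tcp-portrange 80 443 8080
    next
end

# Option B: one object per real service, collected in a service group.
# HTTP and HTTPS are assumed to exist as predefined objects; only the
# non-standard port needs a custom object.
config firewall service custom
    edit "HTTP-ALT-8080"
        set tcp-portrange 8080
    next
end
config firewall service group
    edit "WEB-ACCESS"
        set member "HTTP" "HTTPS" "HTTP-ALT-8080"
    next
end

# The case where several ports in one object make sense: a single
# service (DNS) that listens on both TCP 53 and UDP 53.
config firewall service custom
    edit "DNS-53"
        set tcp-portrange 53
        set udp-portrange 53
    next
end
```

With option B, removing one port from a policy later means removing one group member, and each member can be reused in other policies on its own.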
johnlloyd_13
Explorer III
March 12, 2025

Hi,

Noted with thanks! Appreciate it.