Description | This article describes how to properly group Internet Service Objects based on their direction and organize them into Internet Service Groups. |
Scope | FortiGate. |
Solution |
Creating an Internet Service Group simplifies creation of FortiGate policies so that there is only a single object to be selected instead of referencing a lot of Internet Service objects.
Direction defines how the Internet Service may be used. The direction can be verified by searching for the specific Internet Service Object in the FortiGate GUI by going to Policy & Objects -> Internet Service Database -> Searching for keywords of Internet Services.
Below are three different conditions that should be considered in relation to direction when creating an Internet Service Group:
Before v7.4, it is only possible to create Internet Service Groups via the CLI. However, as of v7.6.0, it is now possible to create and view the Internet Service Groups via the GUI.
To aid in understanding, the Internet Service Objects in this article that are members of the group are differentiated by color based on their direction.
config firewall internet-service-group edit "test-Source" set comment "Use Internet Service Group as SOURCE" edit "test-Destination" set comment "Use Internet Service Group as DESTINATION" edit "test-Both" set comment "Use Internet Service Group as BOTH" next end
In v7.6+:
Note: For 'test-Source' and 'test-Destination' Internet Service Groups, it is possible to mix the group members with Internet Service Objects that have the 'both' direction. |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.