In the FortiGate firmware 7.6.0, the service group cannot created since the members are not listed, and a service group with no members cannot be edited in the GUI since the members list is empty. The issue ID 1068202 is under investigation.

The workaround is the following configuration in the CLI (use the '?' parameter to check the full list of available services while creating via the CLI):

config firewall service group

    edit "TEST"

new entry 'TEST' added

        set member ?

*name    Service or service group name.

ALL     custom

FTP     custom

FTP_GET custom

FTP_PUT custom

DNS     custom

HTTP    custom

HTTPS   custom

IMAP    custom

IMAPS   custom

LDAP    custom

DCE-RPC custom

POP3    custom

POP3S   custom

SAMBA   custom

SMTP    custom

SMTPS   custom

KERBEROS        custom

LDAP_UDP        custom

SMB     custom

ALL_TCP custom

ALL_UDP custom

ALL_ICMP        custom

ALL_ICMP6       custom

GRE     custom

AH      custom

ESP     custom

AOL     custom

BGP     custom

DHCP    custom

FINGER  custom

GOPHER  custom

H323    custom

IKE     custom

Internet-Locator-Service        custom

IRC     custom

L2TP    custom

NetMeeting      custom

        set member FTP FTP_GET FTP_PUT

end

To add a new service to an existing service group, use the command 'append' to add one or more options to the existing members:

config firewall service group

    edit "TEST"

    append member "SSH"

    next

end

After the configuration in the CLI, the service group will show up as expected in the GUI:

This issue has been resolved in FortiOS version 7.6.1.