An Object Group is a group of Address groups and Port groups. Address groups are a collection of IP addresses, range of IP addresses and domain names. Port groups are a collection of ports or range of ports. When you create business policies and firewall rules, you can define the rules for a range of IP addresses or a range of TCP/UDP ports, by including the object groups in the rule definitions.
You can create Address groups to save the range of valid IP addresses and Port groups for the range of port numbers. You can simplify the policy management by creating object groups of specific types and reusing them in policies and rules.
Using Object Groups, you can:
- Manage policies easily
- Modularize and reuse the policy components
- Update all referenced business and firewall policies easily
- Reduce the number of policies
- Improve the policy debugging and readability
Note: You can create, update, or delete object groups if you have Create, Update, and Delete permissions on the NETWORK_SERVICE object. You can only view the object groups if you have Read permission on NETWORK_SERVICE and ENTERPRISE_PROFILE objects.