This section describes how to configure Object Groups and Service Groups (formerly known as Port Groups).

For more information on Object Groups, see Object Groups.

In the SD-WAN service of the Enterprise portal, to configure Object Groups, click Configure > Object Groups.

The Object Groups screen appears. You can configure Address Group and Service Group from this screen.

Address Groups

To create and configure Address Groups, perform the following steps:
  1. In the Address Groups tab, click Add . The Configure Address Group window appears.
  2. Enter a Name and Description for the Address Group.
  3. Under IP Address Ranges, click +ADD and enter the range of IPv4 or IPv6 Addresses by selecting the Prefix or Mask options as: CIDR prefix, Subnet mask, or Wildcard Mask, as required.
  4. Under Domains, click +ADD and enter the domain names or FQDNs for the Address Group. The domain names defined in the Address Group can be used as a matching criteria for Business policies or Firewall rules.
    Note: When configuring domains as match criteria for an Address Group, the SD-WAN service first checks for an IP address match. If a match is found, then the service skips domain name matching. However, if no match is found for an IP address, then the service performs a domain name match in the Address Group.
    Important: The matching criteria may match basic wildcard patterns. For example, if you configure a domain in an Address Group as google.com, then mail.google.com and/or www.google.com may also match this criteria. However, if you configure www.google.com as the domain in an Address Group, then mail.google.com will not match this policy.
  5. Click Save Changes.

Service Groups (Formerly known as Port Groups)

To create and configure Service Groups (formerly known as Port Groups), perform the following steps:
  1. In the Service Groups tab, click Add . The Configure Service Group window appears.
  2. Enter a Name and Description for the Service Group.
  3. Under Service Ranges, click +ADD and add Service ranges with the protocol as TCP or UDP or ICMPv4 and ICMPv6, as required.
    Note: For TCP and UDP, you must enter a single port number or port range from 0 through 65535. For ICMP and ICMPv6, you can optionally enter the Type and Code. The Type and Code value ranges from 0 through 254. The Code can be a single value or range.
  4. Click Save Changes.
You can define a business policy or a firewall rule with the Object Group, to include the range of IP addresses and port numbers. For more information, see:

Click the link to the Address or Service Group to modify the settings. To delete an Address or Service Group, select the checkbox before the group and click Delete.

Note: Object Groups in use cannot be deleted. If you want to delete an Object Group, it must first be removed from business policies or firewall rules.