This section describes how to configure Object Groups and Service Groups (formerly known as Port Groups).
For more information on Object Groups, see Object Groups.
In the SD-WAN service of the Enterprise portal, to configure Object Groups, click .
The Object Groups screen appears. You can configure Address Group and Service Group from this screen.
Address Groups
To create and configure Address Groups, perform the following steps:
- In the Address Groups tab, click Add . The Configure Address Group window appears.
- Enter a Name and Description for the Address Group.
- Under IP Address Ranges, click +ADD and enter the range of IPv4 or IPv6 Addresses by selecting the Prefix or Mask options as: CIDR prefix, Subnet mask, or Wildcard Mask, as required.
- Under Domains, click +ADD and enter the domain names or FQDNs for the Address Group. The domain names defined in the Address Group can be used as a matching criteria for Business policies or Firewall rules.
Note: When configuring domains as match criteria for an Address Group, the SD-WAN service first checks for an IP address match. If a match is found, then the service skips domain name matching. However, if no match is found for an IP address, then the service performs a domain name match in the Address Group.Important: The matching criteria may match basic wildcard patterns. For example, if you configure a domain in an Address Group as google.com, then mail.google.com and/or www.google.com may also match this criteria. However, if you configure www.google.com as the domain in an Address Group, then mail.google.com will not match this policy.
- Click Save Changes.
Service Groups (Formerly known as Port Groups)
To create and configure Service Groups (formerly known as Port Groups), perform the following steps:
- In the Service Groups tab, click Add . The Configure Service Group window appears.
- Enter a Name and Description for the Service Group.
- Under Service Ranges, click +ADD and add Service ranges with the protocol as TCP or UDP or ICMPv4 and ICMPv6, as required.
Note: For TCP and UDP, you must enter a single port number or port range from 0 through 65535. For ICMP and ICMPv6, you can optionally enter the Type and Code. The Type and Code value ranges from 0 through 254. The Code can be a single value or range.
- Click Save Changes.
You can define a business policy or a firewall rule with the Object Group, to include the range of IP addresses and port numbers. For more information, see:
Click the link to the Address or Service Group to modify the settings. To delete an Address or Service Group, select the checkbox before the group and click Delete.
Note: Object Groups in use cannot be deleted. If you want to delete an Object Group, it must first be removed from business policies or firewall rules.