An Object Group is a group of Address groups and Service groups. Address groups are a collection of IP addresses, range of IP addresses and domain names. Service groups are a collection of ports, range of ports, service types, and codes. When you create business policies and firewall rules, you can define the rules for a range of IP addresses or a range of TCP/UDP/ICMPv4/ICMPv6 ports, by including the object groups in the rule definitions.

You can create Address groups to save the range of valid IP addresses and Service groups for the range of port numbers or service type and range of codes. You can simplify the policy management by creating object groups of specific types and reusing them in policies and rules.

Using Object Groups, you can:

  • Manage policies easily
  • Modularize and reuse the policy components
  • Update all referenced business and firewall policies easily
  • Reduce the number of policies
  • Improve the policy debugging and readability
Note: You can create, update, or delete object groups if you have Create, Update, and Delete permissions on the NETWORK_SERVICE object. You can only view the object groups if you have Read permission on NETWORK_SERVICE and ENTERPRISE_PROFILE objects.