Overview

A Service Group is a named collection of individual services (such as HTTP, HTTPS, DNS, or custom ports) that you define once and reuse across multiple firewall rules. Instead of adding the same five or six services to every rule individually, you group them once and reference the group. This reduces rule clutter, lowers the chance of inconsistent configurations, and makes future changes far simpler - update the group once and every rule using it inherits the change.

When to use a Service Group

Service Groups are useful whenever you find yourself repeatedly selecting the same set of services across different rules. Common examples include a "Web Access" group bundling HTTP, HTTPS, and DNS; a "Mail Services" group covering SMTP, POP3, IMAP, and their secure variants; or a "Management" group for SSH, HTTPS, and SNMP used in administrative access rules. If a particular combination of services appears in more than one or two rules, it's a good candidate for a group.

How to create a Service Group

Navigate to Definitions > Protocols and Services > Service Groups in the GajOS web interface.

Click to add a new Service Group, then give it a clear, descriptive name that reflects its purpose (for example, Web-Accessor Mail-Services) so it's easily recognizable when you're building rules later. Select the individual services you want to include from the available list and add them to the group. Save the group once you've added all the required services.


Using the group in a firewall rule

Once saved, the Service Group becomes available wherever you would normally select an individual service. When creating or editing a firewall rule, open the service selection field and choose your Service Group from the list just as you would a single service. The rule will then apply to every service contained in that group.

Managing and editing groups

To modify a group later, return to Definitions > Protocols and Services > Service Groups and edit the group's membership. Any changes you make are automatically reflected in all firewall rules that reference the group, so you don't need to touch the rules themselves. Before deleting a Service Group, confirm it is not currently in use by any active rule, as removing a group that is still referenced can affect those rules.