Managing Service Groups
Scenario
A service group is a collection of services (protocols, source ports, and destination ports). You can reference a service group in an access rule to implement unified traffic control for that group. The updates of the service group will be automatically synchronized to all the policies associated with it. This helps you quickly modify policies and avoid repeated configuration, improving O&M efficiency.
Constraints
- For adding a user-defined service group and services:
- A service group can have up to 64 services.
- A firewall instance can have up to 512 service groups.
- A firewall instance can have up to 900 services.
- You can only view predefined service groups, but cannot add services to it, or modify or delete it.
- The service group referenced by a protection rule cannot be deleted. Modify or delete the rule first.
Adding a User-defined Service Group
- Log in to the management console.
- Click
in the upper left corner of the management console and select a region or project.
- In the navigation pane on the left, click
and choose . The Dashboard page will be displayed.
- (Optional) Switch to another firewall instance. Select a firewall from the drop-down list in the upper left corner of the page.
- In the navigation pane, choose . Click the Service Groups tab.
- On the User-defined Service Groups sub-tab, click Add Service Group. On the Add Service Group page, enter the service group information.
Table 1 Service group parameters Parameter
Description
Service Group Name
Name of a service group
Services
- Protocol: Select a protocol from TCP, UDP, and ICMP.
- Source Port: Set the source port to be allowed or blocked. You can configure a single port or consecutive port groups (example: 80-443).
- Destination Port: Set the destination port to be allowed or blocked. You can configure a single port or consecutive port groups (example: 80-443).
- Description: Usage and application scenario of the service group
Description
Usage and application scenario
- Confirm the information and click OK.
A service group takes effect only after it is set in a protection rule. For more information, see Configuring Protection Rules to Block or Allow Internet Border Traffic.
Adding a Service to a User-defined Service Group
- Log in to the management console.
- Click
in the upper left corner of the management console and select a region or project.
- In the navigation pane on the left, click
and choose . The Dashboard page will be displayed.
- (Optional) Switch to another firewall instance. Select a firewall from the drop-down list in the upper left corner of the page.
- In the navigation pane, choose . Click the Service Groups tab.
- On the User-defined Service Groups sub-tab, click the name of a service group. The service group details page is displayed.
- Click Add Service. On the page that is displayed, enter the service information.
Table 2 Adding a service Parameter
Description
Example Value
Protocol
Its value can be TCP, UDP, or ICMP.
TCP
Source Port
Source ports to be allowed or blocked. You can configure a single port or consecutive port groups (example: 80-443).
If Protocol is set to ICMP, you do not need to specify any port number.
80
Destination Port
Destination ports to be allowed or blocked. You can configure a single port or consecutive port groups (example: 80-443).
If Protocol is set to ICMP, you do not need to specify any port number.
80
Description
Usage and application scenario
-
- To add multiple services, click Add.
- Confirm the information and click OK.
Viewing a Predefined Service Group
CFW provides predefined service groups, including Web Service, Database, and Remote Login and Ping, suitable for protecting web services, databases, and servers, respectively.
- Log in to the management console.
- Click
in the upper left corner of the management console and select a region or project.
- In the navigation pane on the left, click
and choose . The Dashboard page will be displayed.
- (Optional) Switch to another firewall instance. Select a firewall from the drop-down list in the upper left corner of the page.
- In the navigation pane, choose . Click the Service Groups tab.
- Click the Pre-defined Service Groups sub-tab and click the name of a service group. On the details page that is displayed, view the service group information.
Deleting a User-defined Service Group

Deleted service groups cannot be restored. Exercise caution when performing this operation.
- Log in to the management console.
- Click
in the upper left corner of the management console and select a region or project.
- In the navigation pane on the left, click
and choose . The Dashboard page will be displayed.
- (Optional) Switch to another firewall instance. Select a firewall from the drop-down list in the upper left corner of the page.
- In the navigation pane, choose . Click the Service Groups tab.
- On the User-defined Service Groups tab page, click Delete in the Operation column of a service group.
- In the displayed dialog box, confirm the information, enter DELETE, and click OK.
Related Operations
- Exporting service groups: Click Export above the list and select a data range.
- Batch deleting domain names: On the service group details page, select services, click Delete above the list, confirm the information, and click OK.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.