Link Search Menu Expand Document

Service Groups

Configuration > Templates & Policies > ACLs > Service Groups

Use the Service Groups tab to view and manage service groups in your SD-WAN network. A service group is a logical collection of protocols and ports that can be referenced in source or destination matching criteria in the zone based firewall and security policies (route, QOS, optimization, and so forth).

NOTE: Orchestrator supports up to 4MB of service group definitions. For current usage, check the Service Groups UI.

img

Add a Service Group

Follow the steps below to create a new service group:

  1. Click Add Group. The Add Service Group dialog box opens.

    img

  2. Provide the following details in the fields provided:

    Field Used in Description
    Group name All Enter a unique name for the group, up to 64 characters long.

    NOTE: Group names can only contain uppercase and lowercase letters, numbers, dots, underscores, and hyphens.
    Protocol All Select a protocol from the list of those available.
    Ports to include TCP, UDP Enter one or more ports to include in the group. A single port, multiple comma-separated ports, and a range of ports are supported (e.g., 20, 22, 24-30).
    Ports to exclude TCP, UDP Enter one or more ports to exclude from the group, in the case where you are including a range of ports. A single port, multiple comma-separated ports, and a range of ports are supported (e.g., 20, 22, 24-30).
    Groups to include TCP, UDP Enter the name of one or more service groups to include.

    NOTE: Group inclusion only supports two levels of nesting. For example, if Group1 includes Group2 and Group2 includes Group3, you could not include Group1 anywhere because it already contains two levels of nested groups.
    Groups to exclude TCP, UDP Enter the name of one or more service groups to exclude, in the case where you are already including a group that includes multiple groups.
    ICMP types ICMP For ICMP, add one or more message types to include. Multiple types and ranges are supported (e.g., 1, 2, 4-8).
    Comment All Enter an optional comment that describes the service group and how it might be used.
  3. Click Add to create the service group or click Cancel to close the dialog box without making any changes.

Add a Rule to a Service Group

Follow the steps below to add a rule to an existing service group:

  1. Select the service group to which you want to add a rule from the drop-down list above the table.

  2. Click Add Rule. The Add Rule dialog box opens.

    img

  3. Provide the details for the new rule in the fields provided (see field descriptions in Add a Service Group).

  4. Click Add to create the rule or click Cancel to close the dialog box without making any changes.

Delete a Service Group

Follow the steps below to delete a service group:

  1. Select the service group you want to delete from the drop-down list above the table.

  2. Click Delete Group.

    A confirmation dialog box opens.

  3. Click Delete to confirm your choice and permanently remove the selected group and all of its rules. Otherwise, click Cancel to return to the list without deleting the group.

Export Service Groups

You can export the current service groups to a CSV file as a backup to make bulk modifications outside of the Orchestrator UI. Follow the steps below to export service groups.

  1. Click Export CSV.

  2. In the save dialog box, browse to the location where you want to save the file, provide a name for the file, and then click Save.

  3. Open the saved file in Excel or another program to view or modify its contents.

    img

    NOTE: When editing exported rules and service groups, you can modify the protocol, inclusions, exclusions, ICMP types, or comments to overwrite the same rule when imported. If you modify the group name on a rule, however, it will create a new rule when imported.

Import Service Groups

Follow the steps below to import service groups from a CSV file:

NOTE: You can import a file that was exported and modified, or a new file that contains data in the same rows and columns as the exported file. Columns are ordered as Name, Protocol, Included Ports, Excluded Ports, Included Groups, Excluded Groups, ICMP types, and Comment. The first row of the import file will be ignored.

  1. Click Bulk Import. The Service Groups - Bulk Upload dialog box opens.

    img

  2. Click Choose File, locate and select the CSV file to be imported, and then click Open.

  3. Review the groups and rules to be imported.

  4. Click Save to import the file and merge with or replace the existing service groups, or click Cancel to close the dialog box without making any changes.

View a Single Service Group

By default, all service groups are displayed in the table on the Service Groups tab. To filter the table to a single service group, select the group from the drop-down list above the table.

NOTE: You can only add rules to an existing group when viewing a single service group. You cannot add a group with the same name as an existing group.

Edit or Delete a Rule

To edit or delete an existing rule, click the edit icon to the right of the rule and the Edit Rule dialog box opens.

img

  • To edit the rule, modify the available fields, and then click Save.

  • To delete the rule, click Delete.

Using Service Groups in Match Criteria

When specifying match criteria for Port, you can use a service group by enabling the Src:Dest and Groups options.

img


Back to top

© Copyright 2024 Hewlett Packard Enterprise Development LP.

For third-party trademark acknowledgements, go to Trademark Acknowledgements. All third-party marks are property of their respective owners.

To view the end-user software agreement, go to HPE Aruba Networking EULA.

Open Source Code:

This product includes code licensed under certain open source licenses which require source compliance. The corresponding source for these components is available upon request. This offer is valid to anyone in receipt of this information and shall expire three years following the date of the final distribution of this product version by Hewlett Packard Enterprise Company. To obtain such source code, please check if the code is available in the HPE Software Center at https://myenterpriselicense.hpe.com/cwp-ui/software but, if not, send a written request for specific software version and product for which you want the open source code. Along with the request, please send a check or money order in the amount of US $10.00 to:

Hewlett Packard Enterprise Company
Attn: General Counsel
WW Corporate Headquarters
1701 E Mossy Oaks Rd Spring, TX 77389
United States of America