Services and Service Groups Overview

A service in Security Directory refers to an application on a device. For example, Domain Name Service (DNS). Services are based on protocols and ports used by an application, and when added to a policy, a configured service can be applied across all devices managed by Security Director. The protocols used to create a service include: TCP, UDP, MS-RPC, SUN-RPC, ICMP, and ICMPv6. Security Director also includes predefined, commonly used services, and you cannot modify or delete them.

Once you create a service, you can combine it with other services to form a service group. Service groups are useful when you want to apply the same policy to multiple services. This lets you create fewer policies.

Note that Security Director manages services in the same way it manages addresses, by always deleting the unused services (those services that are not referenced by any policy on the device) from the device during publish or update. If the option is disabled, Security Director will never try to delete a service from the device, even if that service is unused.