Experience Center
About Application Service Groups
Zscaler provides predefined application service groups to enable in your firewall filtering policy and forwarding policies.
Application service groups provide the following benefits and enable you to:
- Configure firewall rules and forwarding rules based on the predefined application service groups provided by Zscaler.
- Enforce condition-based actions on your network traffic, such as allowing or blocking traffic and forwarding traffic to specific destinations.
Zscaler's application services are identified at the first packet and therefore can result in the policy action hitting that first packet. The custom firmware pre-assembles the metadata received from the first packet, such as the domain and subdomains, along with their destination IP addresses, protocol types, and ports to identify the associated application service. This is different from the identification of packets for network applications. This means that policies using application services should be in a higher priority rule than a similar policy using network applications so that the former can be matched first. To learn more, see About Network Applications.
The Application Service Groups page holds a static list of application service groups that you can use as criteria when configuring your firewall filtering policy and forwarding policies. On this page, you can view the list of available service groups and search for a service group from the list.
About the Application Service Groups Page
On the Application Service Groups page (Policies > Access Control > Firewall > Application Services), you can do the following:
- View the list of predefined application service groups provided by Zscaler.
- Search for an application service group by name.
- Sort the application service groups alphabetically.
