Experience Center
About Network Service Groups
You can group predefined and custom network services together for use in policies.
Network service groups provide the following benefits and enable you to:
- Group network services into a single entity to manage them collectively in security policies.
- Configure 5-tuple firewall rules, NAT rules, IPS Control policies, and forwarding rules based on network service groups and enforce condition-based actions to allow, block, or redirect your network traffic.
Network services configured in Zscaler are identified at the first packet, leading to immediate policy action. In contrast, multiple packets are typically required by deep packet inspection to identify network applications before a policy action can take place. Therefore, Zscaler recommends that you rank firewall filtering rules for network service groups higher than rules for network applications to prevent packets from being allowed unnecessarily from traffic that would otherwise be blocked by rules using first-packet identification. To learn more, see About Network Applications.
About the Network Service Group Page
On the Network Service Group page (Policies > Access Control > Firewall > Network Services > Service Groups), you can do the following:
- Add a network service group.
- View a list of all network service groups. For each group, you can view:
- Name: The name of the network service group. You can sort this column.
- Services: The network services included in the group.
- Description: The description of the group, if available. You can sort this column.
- Search for a network service group.
- Modify the table and its columns.
- Edit a network service group.
- Go to the Network Services page.
