Add Service Object Groups
In Cisco Secure Access, a Service Object Group is a reusable collection of Service Objects and other Service Object Groups. You can add Service Object Groups in Secure Access and select Service Objects or other Service Object Groups to include in the group.
After you add a Service Object Group in Secure Access, the group is available for you to select in other Service Object Groups and for destination components on private access rules. For more information about reusable destination components, see Components for Private Access Rules.
Table of Contents
Prerequisites
- Full Admin user role. For more information, see Manage Accounts.
Guidelines for Adding Service Object Groups in Secure Access
- A Service Object Group must have a unique name within the scope of all Service Object Groups in the organization.
- A Service Object Group can include Service Objects and other Service Object Groups. Secure Access supports three levels of nested groups.
Example of Service Object Group Hierarchies
service_object_group_one
|-service_object_group_two
|-service_object_group_three
Circular Dependencies in Object Groups
Important: Secure Access does not support circular dependencies of groups in Service Object Groups. For example, if you have a Service Object Group with this object hierarchy:
Service Object Group A —> Service Object Group B, Service Object Group C
- Service Object Group B can not have Service Object Group A in its group.
- Service Object Group C can not have Service Object Group A in its group.
Procedure
Add a Service Object Group in the Secure Access organization. When you configure a Service Object Group, select reusable Service Objects and other Service Object Groups on the group. You can also create new Service Objects and add these resources to the group.
-
Navigate to Resources > Network and Service Objects.
-
Click on the Service Object Groups tab, navigate to Service Object Groups, and then click Add Group.
-
Navigate to General.
Note: You must enter a valid name for the Service Object Group that is unique for all Service Object Groups in the organization.
a. For Name, enter a name for the Service Object Group. Secure Access supports a sequence of 1–255 alphanumeric, space, hyphen, and underscore characters.
b. For Description, enter text that describes the Service Object Group.
-
Navigate to Group Values.
-
For Select objects or groups, choose either Select Sources or + Create Object.
a. For Select Sources, choose from the lists of configured Service Objects and Service Object Groups.
b. for + Create Object, follow the steps to add a Service Object. For more information, see Add Service Objects.
- Click Add Service Group.
View Service Object Groups
View the Service Object Groups that you added to the organization in Secure Access.
-
Navigate to Resources > Network and Service Objects.
-
Click on the Service Object Groups tab, and then navigate to the Service Object Groups table.
Secure Access displays the list of the properties for the Service Object Groups in the organization.
-
Navigate to a Service Object Group to view the details about the group.
- Name—The name of the Service Object Group.
- Includes—The list of the references to the objects in the Service Object Group.
- Included in—The list of groups that include the Service Object Group.
- Access rules—The list of rules that have the Service Object Group selected on the rules.
Search on Name for Service Object Groups
Search for the Service Object Groups in the organization.
-
On the Service Object Groups tab, navigate to Service Object Groups.
-
In the search bar, enter a sequence of characters to query for the name of the Service Object Groups.
Manage Service Object Groups < Add Service Object Groups > Edit a Service Object Group
Updated 21 days ago