Chapter 5 Compliance : Configuring FortiGate units for PCI DSS compliance : Security policies for the CDE network : Controlling the types of traffic in the CDE
  
Controlling the types of traffic in the CDE
The Service setting in each security policy determines which types of traffic can pass based on protocol.
You can select a single protocol from the Service drop-down list. To add another protocol, select the green “+” button to access the Service drop-down list again. If several security policies will need the same list of services, consider creating a named service group. (Go to Firewall Objects > Service > Groups.) In the security policy, service groups are available at the bottom of the Service drop-down list.