Controlling the types of traffic in the CDE
The Service setting in each security policy determines which types of traffic can pass based on protocol.
You can select a single protocol from the Service drop-down list. To add another protocol, select the green “+” button to access the Service drop-down list again. If several security policies will need the same list of services, consider creating a named service group. (Go to Firewall Objects > Service > Groups.) In the security policy, service groups are available at the bottom of the Service drop-down list.