Good day,
I wonder if there is any best-practice guideline regarding the use of TCP/UDP Service Groups instead of several one-port access-rules.
For example, if you have several subnets that need to talk to some domain controllers in one subnet, for AD-traffic, it quickly becomes a lot of access-rules if you use one rule per port. On the other hand, you can easily see which rules have hits and which have no hits and might be removed.
I'm thinking of creating a Service Group for all AD-traffic, so I only need one rule for each interface for this traffic.
Any downsides to doing this? Does the use of Service Groups impact performance?
Thanks.