Hello,

Im trying to keep an ASA config very clean by using service port groups where possible. Check Point does a good job of grouping services by default for me. If you have any examples of what you use please post them up from your configs. This is what I have so far from my 8.4.2 config.

object-group service CIFS tcp-udp

description Microsoft File Shares

port-object eq 135

port-object eq 136

port-object eq 137

port-object eq 138

port-object eq 139

port-object eq 445

port-object eq cifs

object-group service httphttps tcp

port-object eq www

port-object eq https

port-object eq 8080

object-group icmp-type ping

icmp-object echo

icmp-object echo-reply

object-group protocol TCPUDP

protocol-object udp

protocol-object tcp

object-group icmp-type tracert-allow

icmp-object echo-reply

icmp-object source-quench

icmp-object time-exceeded

icmp-object unreachable