Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Object-Group All Services

I'm trying to make an object-group of all my services and I can't seem to do it the same way I did my servers.

I have a service groups like this:

object-group service name_services udp

description DNS Services

port-object eq domain

I tried to make a new one for all of them:

firewall(config)# object-group service all_services tcp-udp

firewall(config-service)# ?

At the end of show <command>, use the pipe character '|' followed by:

begin|include|exclude|grep [-v] <regular_exp>, to filter show output.

description Provide a description up to 200 characters.

group-object Configure an object group as an object

port-object Configure a port (service) object

firewall(config-service)# group-object ?

Usage: [no] group-object <object_group_id>

firewall(config-service)# group-object name_services

Adding obj to object-group (all_services) failed; obj and group type inconsistent

As you can see it fails saying it's not the same type? Any Ideas?

New Member

Re: Object-Group All Services

Hierarchical or nested obj-groups can only be of the same type. You have tried to nest different types of groups.

The following example shows how to use the object-group network subcommand to create a new network object group and map it to a existing object-group:

pixfirewall(config)# object-group network sjc_ftp_servers

pixfirewall(config-network)#network-object host sjc.ftp.servers

pixfirewall(configpixfirewall(config-network)#network-object host


pixfirewall(config-network)#group-object sjc_eng_ftp_servers


You will have to make your name-services group tcp-udp or your all-services group just udp to do this.



New Member

Re: Object-Group All Services


I can't make groups for tcp and udp then make a all group for udp-tcp.....!!!

Now I'm stuck with two bad options...

Either make the groups tcp-udp which I don't want to do, or make three groups for tcp, udp and icmp, which doubles my rules per server.

A clean solution like making a tcp-udp group with udp only and tcp only group-objects would be the way to go and Cisco should look into it.

CreatePlease to create content