On a Cisco ASA, Port-Object and Service-Object achieve the same result. However, the way the resulting object group is referenced in an extended Access Control List (ACL) statement differs between the two.
Below, we look at two TCP services, namely www and https, defined first using Port-Object and then using Service-Object:
```
object-group service WEB-PORTS tcp
 port-object eq www
 port-object eq https
```

```
object-group service WEB-PORTS
 service-object tcp eq 80
 service-object tcp eq 443
```

With port-object, the object name and the protocol are both declared in the object-group statement, and each port-object entry lists only a port. With service-object, each entry defines the protocol and the port together. The following ACLs show how each group is referenced.

**Port-Object within an extended ACL**

The port-object group is referenced at the end of the ACL statement.

```
access-list ACL_in extended permit tcp NETWORK SUBNET any object-group WEB-PORTS
```

**Service-Object within an extended ACL**

The service-object group takes the place of the protocol keyword in the ACL statement.

```
access-list ACL_in extended permit object-group WEB-PORTS NETWORK SUBNET any
```
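When auditing a firewall config, the two reference forms above are easy to mix up. The following is an added example, not part of the original page or any Cisco tooling: a small Python check that classifies each service object-group by its member lines and flags extended ACL entries that reference a group in the wrong slot. The group name `WEB-SVC`, the `10.0.0.0 255.255.255.0` network and the sample config are constructed for illustration.

```python
import re

# Constructed sample config; group WEB-SVC and the 10.0.0.0/24 network are assumptions.
SAMPLE = """\
object-group service WEB-PORTS tcp
 port-object eq www
 port-object eq https
object-group service WEB-SVC
 service-object tcp eq 80
 service-object tcp eq 443
access-list ACL_in extended permit tcp 10.0.0.0 255.255.255.0 any object-group WEB-PORTS
access-list ACL_in extended permit object-group WEB-SVC 10.0.0.0 255.255.255.0 any
access-list ACL_in extended permit object-group WEB-PORTS 10.0.0.0 255.255.255.0 any
access-list ACL_in extended permit tcp 10.0.0.0 255.255.255.0 any object-group WEB-SVC
"""

def classify_groups(config):
    """Map each service object-group to 'port' or 'service' from its member lines."""
    kinds, current = {}, None
    for line in config.splitlines():
        header = re.match(r"object-group service (\S+)", line)
        words = line.split()
        if header:
            current = header.group(1)
        elif not line.startswith(" "):
            current = None          # any other top-level command ends the group
        elif current and words and words[0] in ("port-object", "service-object"):
            kinds[current] = words[0].split("-")[0]
    return kinds

def lint_acls(config):
    """Return (line_no, message) for extended ACEs that put a group in the wrong slot."""
    kinds, findings = classify_groups(config), []
    for no, line in enumerate(config.splitlines(), 1):
        w = line.split()
        act = next((i for i, t in enumerate(w) if t in ("permit", "deny")), None)
        if w[:1] != ["access-list"] or "extended" not in w or act is None:
            continue
        rest = w[act + 1:]          # protocol slot first, then source/destination/ports
        for i, tok in enumerate(rest[:-1]):
            kind = kinds.get(rest[i + 1]) if tok == "object-group" else None
            if i == 0 and kind == "port":
                findings.append((no, f"{rest[1]}: port-object group in the protocol slot"))
            elif i > 0 and kind == "service":
                findings.append((no, f"{rest[i + 1]}: service-object group in the port position"))
    return findings

if __name__ == "__main__":
    for no, msg in lint_acls(SAMPLE):
        print(f"line {no}: {msg}")
```

Network object-groups and any group the config does not define are ignored, so only the port-object versus service-object mix-up is reported.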