Skip to content

Difference between Port-Object and Service-Object

When it comes to Cisco ASA, both Port-Object and Service-Object achieve the same result. However, application of extended Access Control List (ACL) and calling the Port-Object or Service-Object would differ in the ACL statement.

Below, we look at two tcp protocols, namely www and https defined using Port-Object and Service-Object as follows…

Port Object

 port-object eq www
 port-object eq https

Service Object

 service-object tcp eq 80
 service-object tcp eq 443```

The port-object defines the object name and the protocol in the object statement, while the service-object defines the protocol and the port together. The following ACL explains that...

**Port-Object within an extended ACL**  
The port-object is defined at the end of the ACL.

```access-list <abbr title="Access Control List">ACL</abbr>_in extended permit tcp NETWORK SUBNET any object-group WEB-PORTS```

**Service-Object within an extended ACL**  
While the service-object statement is replaced as a substitute for the protocol with the ACL.

```access-list <abbr title="Access Control List">ACL</abbr>_in extended permit object-group WEB-PORTS NETWORK SUBNET any```
comments powered by Disqus