When it comes to Cisco ASA, both Port-Object and Service-Object achieve the same result. However, application of extended Access Control List (ACL) and calling the Port-Object or Service-Object would differ in the ACL statement.
Below, we look at two tcp protocols, namely www and https defined using Port-Object and Service-Object as follows…
Port Object
port-object eq www
port-object eq https
Service Object
service-object tcp eq 80
service-object tcp eq 443```
The port-object defines the object name and the protocol in the object statement, while the service-object defines the protocol and the port together. The following ACL explains that...
**Port-Object within an extended ACL**
The port-object is defined at the end of the ACL.
```access-list <abbr title="Access Control List">ACL</abbr>_in extended permit tcp NETWORK SUBNET any object-group WEB-PORTS```
**Service-Object within an extended ACL**
While the service-object statement is replaced as a substitute for the protocol with the ACL.
```access-list <abbr title="Access Control List">ACL</abbr>_in extended permit object-group WEB-PORTS NETWORK SUBNET any```