🧭 Overview
| Feature | Layer | Purpose | Affects Traffic |
|---|---|---|---|
| Category | Rule-level | For tagging and organizing firewall rules | ❌ No |
| Group | Interface/User-level | For combining interfaces or users under shared policy | ✅ Yes |
⚙️ Category
Purpose:
Categories are visual tags for firewall rules.
They do not change packet behavior — they simply help administrators organize, color-code, and filter rules.
Use cases:
- Separate rules by function:
VPN,LAN,DMZ,Logging - Assign rules by department:
IT-Team,HR-Team - Quickly filter using “Filter by Category” on the rules page
Path:
Firewall → Rules → (Select Interface) → Edit Rule → Category
Best Practices:
| Scenario | Example |
|---|---|
| Multi-department use | Categories named HR, IT, LOGISTICS |
| Project-based | D365, SAP, MAIL |
| Large rule sets | Color-coded for clarity |
🟢 Category = Management-only, no effect on traffic filtering.
⚙️ Group
Purpose:
Groups allow rules or permissions to apply collectively — either across multiple interfaces or users.
| Type | Description |
|---|---|
| Interface Group | Combines multiple interfaces (LAN, DMZ, VPN) under one logical firewall rule set. |
| User Group | Combines user accounts for access control (Captive Portal, VPN, Proxy ACL). |
Examples:
- Interface Group:
CreateInternal_NetincludingLAN,VLAN10, andVLAN20.
Apply firewall rules once to the group — all members inherit them. - User Group:
CreateVPN_Usersfor rico.wu,sam.lin,ada.chuang.
Use for VPN access or web proxy permissions.
Best Practices:
| Scenario | Tip |
|---|---|
| Multiple LAN/VLANs share same rules | Create Interface Group |
| Remote access users | Use User Group for access control |
| Reduce duplication | Manage rules at group level |
🟣 Group = Enforcement-level, directly affects filtering behavior.
⚖️ Comparison Table
| Item | Category | Group |
|---|---|---|
| Purpose | Organize rules | Combine rules/interfaces |
| Scope | Single rule | Multiple interfaces or users |
| Impact on traffic | ❌ None | ✅ Yes |
| Typical use | Label, filter | Apply shared policy |
| Level | Visual management | Logical enforcement |
| Location | Firewall → Rules | Firewall → Groups |
💡 Summary
- Category helps manage and find rules — good for organization.
- Group defines shared policies — good for simplification and consistency.
- Combine both:
- Use Group to unify control.
- Use Category to label and visualize rules.