Sometimes you see an FWSM rulebase that looks like a hatful of arseholes. It’s quite tempting to start cleanup using object groups. Some things to keep in mind:
– Check source destination IP addresses and put them in object groups first.
– Does a particular destination have several ports going to it? You can probably mop up then.
– Make sure that the similarities don’t catch you out.
Also, when you define a service port group you cannot reuse the same port object group name for different protocols, i.e. you can’t reuse an object group name because one is TCP and the other is UDP.
The Stupid Engineer 