Have a voice application and its documentation lists the following firewall rule requirements:
In TCP/UDP SIP (5060)
In UDP 20000+
In TCP 80, 443, 36008, 3998, 4443, 5061, 6800-6802, 6806, 6807, 6881
Out TCP/UDP SIP (5060)
Out UDP-rtp 1024-65535
Out TCP 5061, ssh (22)
I can create a service group that would cover unique items (example: not http, https).
If the picture is hard to see, here are the details of the service group:
UDP (1:65535) / (20000:65535), TCP (1:65535) / (5060), TCP (1:65535) / (36008), TCP (1:65535) / (3998), TCP (1:65535) / (4443), TCP (1:65535) / (5061), TCP (1:65535) / (6800:6802), TCP (1:65535) / (6806:6807), TCP (1:65535) / (6881)
But how can I reference the service group in an inbound firewall rule? If I do a business application rule, forward options: Port, Port Range, Port List or Everything. I see no way to reference the service group.
If I want to be specific I have to do both TCP and UDP. This would result in NUMEROUS rules. Outside of just forwarding Everything, does someone have a recommendation as to how to make use of the Service Groups for inbound firewall NATing?
NOTE: Running 16.05.5 MR-5 if that matters.
TIA