To simplify the creation of security rules, applications requiring the same
security settings can be combined into an application group. An application group is an
object that contains
applications that you want to treat similarly in
security rules. Application groups are useful for enabling access to applications that you
explicitly sanction for use within your organization. Grouping sanctioned applications
simplifies the administration of your rulebases. Instead of having to update individual
security rules when there is a change in the applications you support, you can update only
the affected application groups.