ISB GmbH (Peer Dicken) said:

> This is much easier to handle, because you only need to define
> groups of machines and services and then configure your rules.

In my opinion, you forget another important benefit: it can also
eliminate lots of duplicate effort if you have several network
interfaces for which you want to have a similar set of basic rules.
I usually do quite some cutting and pasting in the config.xml file
because maintaining rule sets over several interfaces is a bit
cumbersome through the web gui. Not really pleasant because of the
reboot after uploading the edited version...

--Bart