An easy way to figure out how a Security Policy works is to remember: All of the items in a column are OR'd together. All of the columns are AND'd together. So, ( application1 OR application2 ) AND ( service1 OR service2 ) must match to allow the traffic through. In your specific case, you'd want to create two separate policies: 1. to allow web-browsing application on service 8080/tcp and 8081/tcp 2. to allow ssh application on service application-default You could create a single policy with ssh and web-browsing applications, and 22/tcp, 8080/tcp, 8081/tcp, if you're okay with the possibility of SSH traffic being allowed on ports 8080/8081, and web browsing being allowed on port 22. This is where adding in the source / destination IPs can be used to lock the rule down further.
... View more