Network Objects/Groups are currently limited to:
- Individual and Template Networks: Layer 3 Inbound, Layer 3 Outbound, and Failover Cellular Firewall Rules.
- Organization-wide Site to Site VPN Outbound Firewall Rules.
Using them for Port Forwarding rules will be a feature request at the moment. We should soon extent the usability in the future.