If you had worked with an earlier version of the product this can be a little confusing. As with your 'proxy' question, I suggest you have a look at Sam Liedl's document on how the various elements of v8 hang together.
In older versions of the product, the proxy/service definition included basic protocol settings and time-out values and if you then wanted to apply specific protocol-level tweaks (filtering out protocol commands and such like) you then created and applied an application defense to the rule.
With v8, the basic settings have been removed from the service definition - so if you create a service on TCP port 1234, that is all it is and nothing more. Now when you create the rule, you must apply an application defense [b]group[/b]. An application defense group must include a "generic" defense entry (this is the basic timeout values) and can then include one or more protocol-specific application defenses. How these are configured makes all the difference on how traffic passing through that rule is handled and this is what Sam's document explains.
Many thanks Phil i will have look.