diff --git a/controllers/acls.go b/controllers/acls.go
index ffaa66636..2871aef55 100644
--- a/controllers/acls.go
+++ b/controllers/acls.go
@@ -207,6 +207,10 @@ func createAcl(w http.ResponseWriter, r *http.Request) {
 	acl.CreatedBy = user.UserName
 	acl.CreatedAt = time.Now().UTC()
 	acl.Default = false
+	if acl.ServiceType == models.Any {
+		acl.Port = []string{}
+		acl.Proto = models.ALL
+	}
 	// validate create acl policy
 	if !logic.IsAclPolicyValid(acl) {
 		logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("invalid policy"), "badrequest"))
diff --git a/logic/acls.go b/logic/acls.go
index bd9f40257..ff9a99e16 100644
--- a/logic/acls.go
+++ b/logic/acls.go
@@ -325,6 +325,10 @@ func UpdateAcl(newAcl, acl models.Acl) error {
 		acl.Proto = newAcl.Proto
 		acl.ServiceType = newAcl.ServiceType
 	}
+	if newAcl.ServiceType == models.Any {
+		acl.Port = []string{}
+		acl.Proto = models.ALL
+	}
 	acl.Enabled = newAcl.Enabled
 	d, err := json.Marshal(acl)
 	if err != nil {