Systems and methods for an SDN switch that provides service group chaining for sequentially serving multiple network security devices are provided. According to one embodiment, a packet received by the switch is processed by a first FPU based on a first set of rules and forwarded conditionally to a first security device. The packet is security processed, including dropping it or forwarding it to an egress port or forwarding it to a second FPU. When forwarded to the second FPU, the packet is processed based on a second set of rules by forwarding it to a second security device or dropping it or forwarding it to the egress port. When forwarded to the second security device, the packet is security processed, including dropping it or forwarding it to the egress port or conditionally forwarding it to a third FPU to be sequentially forwarded to a third security device.