So I unset the custom service I had already created by with WebGUI:
set service "IPsec-ESP" protocol 50 src-port 0-65535 dst-port 0-0
with the command:
unset service "IPsec-ESP"
Then I created it, as you recommended, with:
set service "IPsec-ESP" protocol 50
I then went to look at Configuration > Update > Config File and it was again:
set service "IPsec-ESP" protocol 50 src-port 0-65535 dst-port 0-0
So that seems to be what the system is going to do. I created a service group with this custom service and the predefined service of IKE and have set up a policy using that group. I am just about ready to do the phase I rollout (tomorrow evening it seems) and this will then be tested.