Convert Rules That See the Most Traffic

Convert legacy port-based security policy rules that have seen the largest amount of traffic in bytes over the past 30 days to application-based rules.
Sorting for rules that have seen the most traffic over the past 30 days (Traffic (Bytes, 30 days)) shows you the current most active rules. (A longer time frame can mislead you by emphasizing older rules that remain at the top of the list because they have large cumulative totals, even if they no longer see much traffic.) Converting these rules to App-ID based rules safeguards the largest amount of traffic for your effort.
If multiple rules see a lot of traffic, use the Policies > Security > Policy Optimizer > No App Specified information to help prioritize which rules to convert first. For example, you could prioritize rules with the most Apps Seen (potentially the riskiest rules) or rules with the most Days with No New Apps and the oldest Modified date (the most stable high-traffic rules).
  1. In Policies > Security > Policy Optimizer > No App Specified, sort the rules in descending order by Traffic (Bytes, 30 days) to place the most recently active rules at the top of the list.
  2. Select a rule to begin converting and click the number of Apps Seen.
  3. In the Applications & Usage dialog, sort and filter the Apps Seen on the rule to determine how to handle the applications.
    Sort or filter by application subcategory to group applications that may require similar treatment and can be controlled in one application-based rule. Sort on Traffic (30 days) to see the amount of recent traffic on individual applications to prioritize the currently most active applications.
  4. Follow Step 4 through Step 7 in Convert Internet Access Rules to create a cloned rule that controls each subcategory (or related subcategories) of applications you want to treat similarly.
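
The same triage can be rehearsed offline on figures copied out of Policy Optimizer. The following is an added example, not code from the product or its documentation: the dictionary keys, rule names, application rows and byte counts are all constructed, and only the column meanings (Traffic (Bytes, 30 days), Apps Seen, Days with No New Apps, Modified, subcategory) come from the steps above.

```python
from datetime import date

# Constructed sample rows; keys mirror the Policy Optimizer columns named
# above, but the rule names and numbers are made up for illustration.
RULES = [
    {"name": "legacy-web", "bytes_30d": 9_000_000_000, "apps_seen": 42,
     "days_no_new_apps": 3, "modified": date(2023, 5, 1)},
    {"name": "dc-backup", "bytes_30d": 7_500_000_000, "apps_seen": 4,
     "days_no_new_apps": 210, "modified": date(2019, 2, 11)},
    {"name": "branch-out", "bytes_30d": 6_000_000_000, "apps_seen": 17,
     "days_no_new_apps": 45, "modified": date(2021, 8, 30)},
    {"name": "old-ftp", "bytes_30d": 12_000, "apps_seen": 60,
     "days_no_new_apps": 400, "modified": date(2015, 1, 5)},
]

# Constructed Apps Seen rows for one rule: (application, subcategory, bytes_30d).
APPS_SEEN = [
    ("web-browsing", "internet-utility", 4_000_000_000),
    ("ssl", "encrypted-tunnel", 3_500_000_000),
    ("ms-update", "software-update", 900_000_000),
    ("apt-get", "software-update", 400_000_000),
    ("ssh", "encrypted-tunnel", 200_000_000),
]

def conversion_queue(rules, top_n, strategy):
    """Keep the top_n rules by 30-day bytes, then order them by strategy."""
    busiest = sorted(rules, key=lambda r: r["bytes_30d"], reverse=True)[:top_n]
    if strategy == "riskiest":      # most Apps Seen first
        key = lambda r: -r["apps_seen"]
    elif strategy == "stable":      # most Days with No New Apps, then oldest Modified
        key = lambda r: (-r["days_no_new_apps"], r["modified"])
    else:
        raise ValueError(f"unknown strategy: {strategy}")
    return [r["name"] for r in sorted(busiest, key=key)]

def group_by_subcategory(apps):
    """Group apps by subcategory, busiest group and busiest app first."""
    groups = {}
    for app, subcat, nbytes in sorted(apps, key=lambda a: -a[2]):
        groups.setdefault(subcat, {"bytes_30d": 0, "apps": []})
        groups[subcat]["bytes_30d"] += nbytes
        groups[subcat]["apps"].append(app)
    return sorted(groups.items(), key=lambda kv: -kv[1]["bytes_30d"])

if __name__ == "__main__":
    print(conversion_queue(RULES, 3, "riskiest"))
    print(conversion_queue(RULES, 3, "stable"))
    for subcat, info in group_by_subcategory(APPS_SEEN):
        print(subcat, info["bytes_30d"], info["apps"])
```

In the constructed data, old-ftp has the most Apps Seen but almost no recent traffic, so the 30-day cutoff keeps it out of the queue; each subcategory group returned for a rule is a candidate for one cloned application-based rule.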
