Convert the Most Stable Rules

Convert legacy port-based security policy rules that have seen no new applications for a period of time to application-based rules.
Convert port-based rules that have not seen new applications for a reasonable period of time, which means the rules have stabilized and you’re less likely to see new applications on them. Clone these rules to ensure that if more applications match the rule later, the port-based rule remains in the rulebase as long as necessary as a safety net.
Take applications used only for quarterly, annual, and other periodic events into account when you evaluate whether you think new applications will match the rule.
  1. In Policies > Security > Policy Optimizer > No App Specified, sort the rules (descending) to show the rules with the highest number of Days with No New Apps at the top of the list.
     The first three rules have seen no new applications for fairly long periods of time and are candidates for conversion to App-ID. (Convert Simple Rules with Well-Known Apps After One Week describes converting rules with few Apps Seen, such as the smb rule, so this example focuses on the allow apps rule.)
     Check the Modified date because rules that haven’t been modified for a long time are also likely to be more stable. Rules that were modified recently may not have seen all the applications that could match the rule.
     Because more than a few applications have been seen on the rule, clone the rule instead of converting it directly to an App-ID based rule.
  2. Click the number of Apps Seen to open the Applications & Usage dialog.
  3. Sort and filter the Apps Seen on the rule to determine how to handle the applications.
     Sorting or filtering by subcategory helps you understand the traffic seen on rules that see more than a few applications. For example, you can filter by the infrastructure subcategory to see all the infrastructure applications and clone an App-ID based rule to control them.
  4. Follow Step 4 through Step 7 in Convert Internet Access Rules to create a cloned rule that controls each subcategory (or related subcategories) of applications you want to treat similarly.
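The selection logic behind steps 1 through 4, as an added Python example that is not part of this documentation or of PAN-OS: given constructed No App Specified statistics (the rule names, subcategory labels and stability thresholds are assumptions), it ranks rules by Days with No New Apps, applies the Modified date and Apps Seen checks to decide between convert, clone and wait, and groups a rule's Apps Seen by subcategory so each group can become a cloned App-ID rule.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date

@dataclass
class RuleStats:
    """One row of the No App Specified tab; fields named as in Policy Optimizer."""
    name: str
    days_no_new_apps: int
    modified: date
    apps_seen: dict  # application name -> App-ID subcategory

# Constructed sample statistics, not exported from a real firewall.
TODAY = date(2024, 6, 1)
SAMPLE_RULES = [
    RuleStats("allow apps", 180, date(2023, 11, 1), {
        "dns": "infrastructure", "ntp": "infrastructure", "snmp": "infrastructure",
        "web-browsing": "internet-utility", "ssl": "encrypted-tunnel"}),
    RuleStats("smb", 120, date(2023, 10, 1), {"ms-ds-smb": "file-sharing"}),
    RuleStats("legacy-db", 200, date(2024, 5, 15), {"mssql-db": "database"}),
    RuleStats("new-rule", 5, date(2024, 5, 20), {"ssh": "remote-access"}),
]

def triage(rules, today=TODAY, min_stable_days=90, min_modified_age=90, few_apps=3):
    """Sort by Days with No New Apps (descending) and pick an action per rule.

    Thresholds are assumptions for this example: stable means no new apps AND no
    modification for the minimum days; few Apps Seen -> convert, otherwise clone so
    the port-based rule stays in the rulebase as a safety net. Raise min_stable_days
    past a year if the rule may carry applications used only for annual events.
    """
    decisions = []
    for r in sorted(rules, key=lambda r: r.days_no_new_apps, reverse=True):
        if r.days_no_new_apps < min_stable_days:
            action, why = "wait", "still seeing new applications"
        elif (today - r.modified).days < min_modified_age:
            action, why = "wait", "modified recently, may not have seen all apps"
        elif len(r.apps_seen) <= few_apps:
            action, why = "convert", "few apps seen"
        else:
            action, why = "clone", "more than a few apps seen"
        decisions.append((r.name, action, why))
    return decisions

def apps_by_subcategory(rule):
    """Group a rule's Apps Seen by subcategory (step 3); each group becomes a cloned rule."""
    groups = defaultdict(list)
    for app, subcategory in rule.apps_seen.items():
        groups[subcategory].append(app)
    return {sub: sorted(apps) for sub, apps in sorted(groups.items())}
```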
