After several months of monitoring your initial
internet gateway best practice security policy, you should see less
and traffic hitting the temporary rules as you make adjustments
to the rulebase. When you no longer see any traffic hitting these
rules, you have achieved your goal of transitioning to a fully application-based
Security policy rulebase. At this point, you can finalize your policy
rulebase by removing the temporary rules, which includes the rules
you created to block bad applications and the rules you created
for tuning the rulebase.