Convert Rules That See the Most Traffic

Convert legacy port-based security policy rules that have seen the largest amount of traffic in bytes over the past 30 days to application-based rules.
Sorting on the traffic that rules have seen over the past 30 days (Traffic (Bytes, 30 days)) shows you which rules are currently the most active. (A longer time frame places more emphasis on older rules that remain at the top of the list because they have large cumulative totals, even if they no longer see much traffic.) Converting these rules to App-ID safeguards the largest amount of traffic for the effort.
If multiple rules see a lot of traffic, use the Policies > Security > Policy Optimizer > No App Specified information to help prioritize which rules to convert first. For example, you could prioritize rules with the most Apps Seen (could be the riskiest rules) or rules with the most Days with No New Apps and the oldest Modified date (the most stable high-traffic rules).
  1. In Policies > Security > Policy Optimizer > No App Specified, sort the rules descending by Traffic (Bytes, 30 days) to place the most recently active rules at the top of the list.
  2. Select a rule to begin converting and click the number in its Apps Seen column.
  3. In the Applications & Usage dialog, sort and filter the Apps Seen on the rule to determine how to handle the applications.
    Sort or filter by application subcategory to group applications that may require similar treatment and can be controlled in one application-based rule. Sort on Traffic (30 days) to see the amount of recent traffic on individual applications and prioritize the applications that are currently most active.
  4. Follow Steps 4-7 in Convert the Internet Access Rules to create a cloned rule to control each subcategory (or related subcategories) of applications you want to treat similarly.
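
The prioritization described above can also be worked through offline. The following Python sketch is an added example, not vendor code: it applies the two orderings (most Apps Seen, or most Days with No New Apps with the oldest Modified date) to high-traffic rules and groups one rule's Apps Seen by subcategory. The record layout, rule names, byte counts, the 10% traffic-share cutoff and the application/subcategory pairings are constructed for illustration.

```python
from datetime import date

# Constructed sample rows; fields mirror the No App Specified columns.
RULES = [
    {"name": "allow-web-out", "bytes_30d": 9_200_000_000, "apps_seen": 147,
     "days_no_new_apps": 2, "modified": date(2023, 11, 3)},
    {"name": "dc-to-dmz", "bytes_30d": 7_500_000_000, "apps_seen": 12,
     "days_no_new_apps": 96, "modified": date(2019, 4, 18)},
    {"name": "branch-any", "bytes_30d": 6_100_000_000, "apps_seen": 12,
     "days_no_new_apps": 96, "modified": date(2021, 8, 2)},
    {"name": "legacy-ftp", "bytes_30d": 300_000_000, "apps_seen": 3,
     "days_no_new_apps": 120, "modified": date(2018, 1, 10)},
]
# Constructed Apps Seen rows for one rule (Applications & Usage dialog).
APPS = [
    {"app": "web-browsing", "subcategory": "internet-utility", "bytes_30d": 4_000_000_000},
    {"app": "ssl", "subcategory": "encrypted-tunnel", "bytes_30d": 3_500_000_000},
    {"app": "ms-update", "subcategory": "software-update", "bytes_30d": 1_000_000_000},
    {"app": "google-base", "subcategory": "internet-utility", "bytes_30d": 700_000_000},
]

def high_traffic(rules, share=0.10):
    """Rules carrying at least `share` of all 30-day bytes, busiest first."""
    total = sum(r["bytes_30d"] for r in rules)
    busy = [r for r in rules if total and r["bytes_30d"] / total >= share]
    return sorted(busy, key=lambda r: r["bytes_30d"], reverse=True)

def riskiest_first(rules):
    """Most Apps Seen first; 30-day traffic breaks ties."""
    return sorted(rules, key=lambda r: (-r["apps_seen"], -r["bytes_30d"]))

def most_stable_first(rules):
    """Most Days with No New Apps first, then the oldest Modified date."""
    return sorted(rules, key=lambda r: (-r["days_no_new_apps"], r["modified"]))

def plan_by_subcategory(apps):
    """One candidate cloned rule per subcategory, busiest group first."""
    groups = {}
    for a in apps:
        g = groups.setdefault(a["subcategory"], {"apps": [], "bytes_30d": 0})
        g["apps"].append(a["app"])
        g["bytes_30d"] += a["bytes_30d"]
    return sorted(groups.items(), key=lambda kv: kv[1]["bytes_30d"], reverse=True)

if __name__ == "__main__":
    busy = high_traffic(RULES)
    print("riskiest:", [r["name"] for r in riskiest_first(busy)])
    print("stable:  ", [r["name"] for r in most_stable_first(busy)])
    for sub, g in plan_by_subcategory(APPS):
        print(f"{sub}: {g['apps']} ({g['bytes_30d']} bytes)")
```

The two orderings give different starting points on the same data: the rule with the most Apps Seen leads one list, while the long-unchanged rules lead the other.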
