Convert Rules with Few Apps Seen Over a Time Period
Expand all | Collapse all
Convert Rules with Few Apps Seen Over a Time Period
Convert legacy port-based security policy rules that
have seen the fewest applications to application-based rules.
Rules with relatively few
Apps
Seen
and with no new applications seen over a long enough
time period may be easy to convert, relatively stable, and easy
to identify using filters.
In , filter the
rules to display only rules with a low number of
Apps Seen
and
that have seen no applications over a specific time period.
This example filters for rules that have seen three or
fewer applications
(apps seen count leq ‘3’)
and
for which no applications have been seen for at least 30 days
(days no new app count geq ‘30’)
.
Select a rule to convert and click the number of
Apps Seen
.
In the
Applications & Usage
dialog, decide
whether you want to allow all of the applications and if they should
be in the same rule—that is, decide whether the applications require
similar treatment in terms of access and security.
If you want to allow all of the applications and they require
similar treatment, you can
Match Usage
and
replace the port-based rule with the new App-ID based rule.
If
you want to allow all of the applications but they require different
treatment, clone the rule for each set of applications that requires
different treatment. For example, if a port-based rule allows three
applications and two of them are email applications and one is an
infrastructure application, you may want to clone one rule for the email
applications and another for the infrastructure application.
If
you want to allow some applications and deny others:
Clone
one or more rules for the applications you want to keep and monitor
the original port-based rule to ensure that the applications you
don’t want to keep are the only ones that match that rule. When
enough time has passed that you feel confident no applications you
want to allow match the port-based rule, you can disable or delete
it. Steps 4-7 in
Convert Internet Access Rules show how to
create a cloned rule.
If you’re confident you know which applications you want
to allow and which applications you want to block:
If
the applications you want to allow require similar treatment, use
Add
to Rule
to replace the port-based rule with an application-based
rule that allows only the applications you added to the rule. The
applications you don’t add to the rule are blocked unless you allow
them in another rule.
If the applications you want to allow require different treatment, clone
application-based rules for the applications you want to allow from
the port-based rule. If you’re still confident it’s OK to block
the remaining applications, you can disable (or delete) the port-based rule.