Convert Rules That See the Most Traffic
Table of Contents
Convert Rules That See the Most Traffic
Convert legacy port-based security policy rules that
have seen the largest amount of traffic in bytes over the past 30
days to application-based rules.
Sorting for rules that have seen the most
traffic over the past 30 days (Traffic (Bytes, 30 days))
shows you the current most active rules. (A longer time frame places
can mislead you by emphasizing older rules that remain at the top
of the list because they have large cumulative totals, even if they
no longer see much traffic.) Converting these rules to App-ID based
rules safeguards the largest amount of traffic for your effort.
If
multiple rules see a lot of traffic, use the information
to help prioritize which rules to convert first. For example, you
could prioritize rules with the most Apps Seen (potentially
the riskiest rules) or rules the with most Days with
No New Apps and the oldest Modified date
(the most stable high-traffic rules).
- In , sort the rules
in descending order by Traffic (Bytes, 30 days) to
place the most recently active rules at the top of the list.
![]()
- Select a rule to begin converting and click the number of Apps Seen.
- In the Applications & Usage dialog,
sort and filter the Apps Seen on the rule
to determine how to handle the applications.Sort or filter by application subcategory to group applications that may require similar treatment and can be controlled in one application-based rule. Sort on Traffic (30 days) to see the amount of recent traffic on individual applications to prioritize the currently most active applications.
- Follow Steps 4-7 in Convert Internet Access Rules to create a cloned rule that controls each subcategory (or related subcategories) of applications you want to treat similarly.
