Convert the Most Stable Rules
End-of-Life (EoL)
Convert legacy port-based security policy rules that
have seen no new applications for a period of time to application-based
rules.
Convert port-based rules that have not seen
new applications for a reasonable period of time, which means the
rules have stabilized and you’re less likely to see new applications
on them. Clone these rules to ensure that if more applications match
the rule later, the port-based rule remains in the rulebase as long
as necessary as a safety net.
Take applications used
only for quarterly, annual, and other periodic events into account
when you evaluate whether you think new applications will match
the rule.
In , sort the rules (descending) to show the rules with the
highest number of Days with No New Apps at the top of the list.
The first three rules have seen no new applications for
fairly long periods of time and are candidates for conversion to
App-ID. (Convert Simple Rules with Well-Known Apps After One Week
describes converting rules with few Apps Seen, such as the smb
rule, so this example focuses on the allow apps rule.)
Check the Modified date because rules that haven’t
been modified for a long time are also likely to be more stable. Rules
that were modified recently may not have seen all the applications
that could match the rule.
Because more than a few
applications have been seen on the rule, clone the rule instead
of converting it directly to an App-ID based rule.
Click the number of Apps Seen to open the Applications & Usage dialog.
Sort and filter the Apps Seen on the rule to determine how to
handle the applications.
Sorting or filtering by subcategory helps you understand
the traffic seen on rules that see more than a few applications.
For example, you can filter by the infrastructure subcategory to
see all the infrastructure applications and clone an App-ID based
rule to control them.
Follow Steps 4-7 in
Convert Internet Access Rules to create
a cloned rule that controls each subcategory (or related subcategories) of
applications you want to treat similarly.
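
The selection logic from the steps above (stability, periodic events, Modified date, clone versus simple conversion) can be applied offline to a list of rule statistics. This Python sketch is an added example, not Palo Alto Networks code; the field names, the three thresholds, and the sample rows are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date

# Assumed thresholds: the page gives no numbers ("a reasonable period", "more than a few").
PERIODIC_CYCLE_DAYS = 90   # longest periodic event to account for (quarterly here)
MIN_DAYS_UNMODIFIED = 90   # a rule edited more recently may not have seen all its apps
FEW_APPS = 3               # at or below this, treat the rule as a simple rule


@dataclass
class Rule:
    name: str
    apps_seen: int          # "Apps Seen" column
    days_no_new_apps: int   # "Days with No New Apps" column
    modified: date          # "Modified" column


def triage(rules, today):
    """Return (rule name, decision) pairs, most stable rules first."""
    results = []
    # Same ordering as the descending sort on Days with No New Apps.
    for r in sorted(rules, key=lambda r: r.days_no_new_apps, reverse=True):
        if r.days_no_new_apps < PERIODIC_CYCLE_DAYS:
            decision = "wait: periodic applications may not have appeared yet"
        elif (today - r.modified).days < MIN_DAYS_UNMODIFIED:
            decision = "wait: rule was modified recently"
        elif r.apps_seen <= FEW_APPS:
            decision = "simple: few apps seen, handle as a simple rule"
        else:
            decision = "clone: keep the port-based rule as a safety net"
        results.append((r.name, decision))
    return results


# Constructed sample data; only the rule names "allow apps" and "smb" come from the page.
SAMPLE = [
    Rule("allow apps", 12, 180, date(2023, 1, 10)),
    Rule("smb", 1, 200, date(2022, 11, 2)),
    Rule("web out", 40, 20, date(2023, 2, 1)),
    Rule("db sync", 6, 150, date(2023, 8, 20)),
]

if __name__ == "__main__":
    for name, decision in triage(SAMPLE, today=date(2023, 9, 1)):
        print(f"{name:12} {decision}")
```

Set `PERIODIC_CYCLE_DAYS` to the longest business cycle whose applications should match the rule (365 for annual events), so that a rule is not judged stable before that traffic has had a chance to appear.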