This use case shows how to migrate a port-based
policy that allows all web applications to an application-based
policy that allows only the applications you want, so you can safely
enable the applications you choose to allow. For rules that see
a lot of applications, cloning the original port-based rule is safer
than adding applications to the rule because adding replaces the
port-based rule, so if you inadvertently forget to add a critical
application, you affect application availability. And if you
Match
Usage
, which also replaces the port-based rule, you
allow all of the applications the rule has seen, which could be
dangerous, especially with web browsing traffic.