View Security policy rules that match new App-ID Cloud
Engine (ACE) applications
The Policy OptimizerNew
App Viewer shows you the Security policy rules that
match downloaded cloud App-IDs from ACE. Use Policy Optimizer to
manage the newly identified applications and add them to cloned
rules or to existing rules. Select PoliciesSecurity and then select New
App Viewer in the Policy Optimizer portion
of the interface.
The upper portion of the screen is similar to ObjectsApplication Filters.
It works in a similar manner and filters the Security policy rules
shown in the lower portion of the screen. You can filter the rules
that allow applications by category, subcategory, etc. The only
categories and subcategories available for filtering are the ones
that match the new applications on the rules listed in the lower
half of the screen, so you don’t waste your time filtering for applications
that aren’t there.
When you filter the rules, only the rules that include the filtered
applications are shown in the lower portion of the screen. Rules
that have not seen the apps in the filter are removed from the list.
(You can see them all again by removing the filter.)
Click the number in the Apps Seen column
to open the Applications & Usage dialog
to change the way the firewall handles the cloud-based applications
in Security policy. Add ACE App-IDs to Security policy rules using
an Application Filter, an Application Group, Policy Optimizer, or
by directly adding an ACE App-ID to a rule. Until you take one of
these actions to control cloud-delivered App-IDs, the firewall continues
to treat the traffic as ssl or web-browsing traffic and uses existing
ssl or web-browsing Security policy rules to control the applications.