Moving from a port-based security policy to an application-based security policy may seem like a daunting task. However, the security risks of sticking with a port-based policy far outweigh the effort required to implement an application-based policy. And, while legacy port-based security policies may have hundreds, if not thousands, of rules (many of which serve a purpose nobody in the organization knows), a best practice policy has a streamlined set of rules that align with your business goals, simplifying administration and reducing the chance of error. Because the rules in an application-based policy align with your business goals and acceptable use policies, you can quickly scan the policy to understand the reason for each and every rule.
As with any technology, a complete implementation is usually reached gradually, through carefully planned deployment phases that make the transition as smooth as possible, with minimal impact on your end users. Generally, the workflow for implementing a best practice internet gateway security policy is: