Use Policy Optimizer to add apps seen on a port-based
Security policy rule to an existing application-based rule.
In some cases, you may want to add applications
learned (seen) on a port-based rule to an application-based rule
that already exists. For example, an administrator may create a
cloned application-based rule for file-sharing applications from
a port-based rule that allows internet access (a port 80/443 rule).
A few days later, the administrator notices that the port-based
internet access rule has seen more file-sharing applications and
wants to add some or all of them to the cloned application-based
rule because cloning another application-based rule for the same
type of application would create an unnecessary rule and complicate
This example uses file-sharing applications
to show you how to add applications to an existing rule.
You have already taken the following steps to
clone an application-based rule from the port-based internet access
rule so you can control file-sharing apps:
No App Specified
the file-sharing applications.
Selected the desired file-sharing applications and created
a cloned rule.
Changed the Service from
You check the port-based internet access rule later and
discover that more file-sharing applications you need to allow for
your business have been seen on the rule.
Select the file-sharing apps you want to add to the existing
Add to Existing Rule
of the rule to which you
want to add the applications, in this case,
to add the selected applications
The updated rule now controls the original cloned file-sharing
applications and the applications you just added.