Add Applications to an Existing Rule

Use Policy Optimizer to add apps seen on a port-based Security policy rule to an existing application-based rule.
In some cases, you may want to add applications learned (seen) on a port-based rule to an application-based rule that already exists. For example, an administrator may create a cloned application-based rule for file-sharing applications from a port-based rule that allows internet access (a port 80/443 rule). A few days later, the administrator notices that the port-based internet access rule has seen more file-sharing applications and wants to add some or all of them to the cloned application-based rule because cloning another application-based rule for the same type of application would create an unnecessary rule and complicate the rulebase.
This example uses file-sharing applications to show you how to add applications to an existing rule.
  1. You have already taken the following steps to clone an application-based rule from the port-based internet access rule so you can control file-sharing apps:
    1. Clicked Compare (or the number in Apps Seen) in PoliciesSecurityPolicy OptimizerNo App Specified and filtered the file-sharing applications.
    2. Selected the desired file-sharing applications and created a cloned rule.
    3. Changed the Service from service-http and service-https to application-default.
  2. You check the port-based internet access rule later and discover that more file-sharing applications you need to allow for your business have been seen on the rule.
  3. Select the file-sharing apps you want to add to the existing rule.
  4. Click Add to Existing Rule and select the Name of the rule to which you want to add the applications, in this case, file-sharing-apps.
  5. Click OK to add the selected applications to the file-sharing-apps rule.
  6. The updated rule now controls the original cloned file-sharing applications and the applications you just added.

Related Documentation