Add Applications to an Existing Rule
Use Policy Optimizer to add apps seen on a port-based Security policy rule to an existing application-based rule.
In some cases, you may want to add applications learned (seen) on a port-based rule to an application-based rule that already exists. For example, an administrator may create a cloned application-based rule for file-sharing applications from a port-based rule that allows internet access (a port 80/443 rule). A few days later, the administrator notices that the port-based internet access rule has seen more file-sharing applications and wants to add some or all of them to the cloned application-based rule because cloning another application-based rule for the same type of application would create an unnecessary rule and complicate the rulebase.
This example uses file-sharing applications to show you how to add applications to an existing rule.
- You have already taken the following steps to
clone an application-based rule from the port-based internet access
rule so you can control file-sharing apps:
- Clicked Compare (or the number in Apps Seen) in PoliciesSecurityPolicy OptimizerNo App Specified and filtered the file-sharing applications.
- Selected the desired file-sharing applications and created a cloned rule.
- Changed the Service from service-http and service-https to application-default.
- You check the port-based internet access rule later and discover that more file-sharing applications you need to allow for your business have been seen on the rule.
- Select the file-sharing apps you want to add to the existing rule.
- Click Add to Existing Rule and select the Name of the rule to which you want to add the applications, in this case, file-sharing-apps.
- Click OK to add the selected applications to the file-sharing-apps rule.
- The updated rule now controls the original cloned file-sharing applications and the applications you just added.
Convert the Web Access Rule Using Subcategories
Convert legacy port-based HTTP/HTTPS (port 80/443) internet access rules to application-based rules. ...
Convert Rules With Few Apps Seen Over a Time Period
Convert legacy port-based security policy rules that have seen the fewest applications to application-based rules. ...
Rule Cloning Migration Use Case: Web Browsing and SSL Traffic
Example of migrating port-based Security policy rules for web browsing and SSL traffic to app-based rules without affecting application availability. ...
Migrate Port-Based to App-ID Based Security Policy Rules
Policy Optimizer converts port-based Security policy rules to app-based rules without compromising app availability to safely enable applications. ...
Applications and Usage Policies > Security > Policy Optimizer > No App Specified > Compare (or click the number in Apps Seen) Policies > Security ...
Security Policy Rule Optimization
Migrate port-based Security rules to app-based rules, remove unused apps from rules, and safely enable apps without compromising availability. ...
Migrate to Application-Based Policy Using Policy Optimizer
Convert legacy port-based Security policy rules to application-based rules to gain visibility into and control over applications. ...
Convert the Most Stable Rules
Convert legacy port-based security policy rules that have seen no new applications for a period of time to application-based rules. ...
Convert Rules with the Most Traffic
Convert legacy port-based security policy rules that have seen the largest amount of traffic in bytes over the past 30 days to application-based rules. ...