Application-default—which enables you to
allow applications only on their most commonly-used ports—now enforces strict default port usage strict standard
port usage for certain applications that use a different default
port when they are encrypted: web-browsing, SMTP, FTP, LDAP, POP3,
and IMAP. For example, with SSL decryption turned on, application-default
differentiates between cleartext and encrypted web-browsing traffic
and strictly enforces: cleartext web-browsing traffic
(HTTP) on port 80 and encrypted web-browsing traffic (HTTPS) on port 443.
Application-default is a best practice
for application-based Security policy rules—it reduces administrative
overhead and closes security gaps that port-based policy introduces.
|