Security Policy Optimizer
- Policies > Security > Policy Optimizer
Policies > Security > Policy Optimizer displays:
- No App Specified—Rules that have the application set to any, so you can identify port-based rules to convert to application-based rules.
- Unused Apps—Rules that include applications that have never matched the rule.
The name of the Security policy rule.
Any services associated with the Security policy rule.
Traffic (Bytes, 30 days)
Traffic (30 days)—The amount of traffic in bytes seen during the last 30-day period.
A longer time period would result in the oldest rules remaining at the top of the list because they are likely to have the most cumulative traffic. This can result in newer rules being listed below older rules even if the newer rules see heavy traffic.
The applications that the rule allows. Open the Application dialog, from which you can add and delete applications on the rule.
The number of applications seen on the rule. Click the number to open the Applications & Usage dialog, which enables you to compare the applications configured on the rule against the applications seen on the rule and to modify the applications.
Day with No New Apps
The number of days since the last new application was seen on the rule.
Opens the Applications & Usage dialog to compare the applications configured on the rule against the applications seen on the rule and modify the rule.
The most recent time that traffic matched the rule.
The first time that traffic matched the rule.
The date and time that the rule was last modified.
The date and time that the rule was created.
Sorting and Filtering Security Policy Rules
Use application usage information to prioritize which rules to migrate from port-based to app-based rules or to clean up (remove unused apps) first. ...
Applications and Usage
Policies > Security > Policy Optimizer > No App Specified > Compare (or click the number in Apps Seen) Policies > Security ...
Identify Security Policy Rules with Unused Applications
Policy Optimizer finds Security policy rules that specify applications not seen on your network so you can remove the unused apps to reduce the attack ...
Convert the Web Access Rule Using Subcategories
Convert legacy port-based HTTP/HTTPS (port 80/443) internet access rules to application-based rules. ...
Migrate Port-Based to App-ID Based Security Policy Rules
Policy Optimizer converts port-based Security policy rules to app-based rules without compromising app availability to safely enable applications. ...
Convert Rules with the Most Traffic
Convert legacy port-based security policy rules that have seen the largest amount of traffic in bytes over the past 30 days to application-based rules. ...
Convert Simple Rules with Few Well-Known Applications
Convert legacy port-based security policy rules that control a small number of well-known applications after one week of monitoring production traffic. ...
Convert Rules With Few Apps Seen Over a Time Period
Convert legacy port-based security policy rules that have seen the fewest applications to application-based rules. ...
Enable or Disable Policy Optimizer
Policy Optimizer provides many capabilities that make it easier to migrate to an application-based Security policy, but you may disable it if you wish. ...