Add Applications to an Existing Rule

Use Policy Optimizer to add apps seen on a port-based Security policy rule to an existing application-based rule.
In some cases, you may want to add applications learned (seen) on a port-based rule to an application-based rule that already exists. For example, an administrator may create a cloned application-based rule for file-sharing applications from a port-based rule that allows internet access (a port 80/443 rule). A few days later, the administrator notices that the port-based internet access rule has seen more file-sharing applications and wants to add some or all of them to the cloned application-based rule because cloning another application-based rule for the same type of application would create an unnecessary rule and complicate the rulebase.
This example uses file-sharing applications to show you how to add applications to an existing rule.
  1. You have already taken the following steps to clone an application-based rule from the port-based internet access rule so you can control file-sharing apps:
    1. Clicked
      (or the number in
      Apps Seen)
      Policy Optimizer
      No App Specified
      and filtered the file-sharing applications.
    2. Selected the desired file-sharing applications and created a cloned rule.
    3. Changed the Service from
  2. You check the port-based internet access rule later and discover that more file-sharing applications you need to allow for your business have been seen on the rule.
  3. Select the file-sharing apps you want to add to the existing rule.
  4. Click
    Add to Existing Rule
    and select the
    of the rule to which you want to add the applications, in this case,
  5. Click
    to add the selected applications to the
  6. The updated rule now controls the original cloned file-sharing applications and the applications you just added.

Recommended For You