Add Applications to an Existing Rule
Table of Contents
Add Applications to an Existing Rule
Use Policy Optimizer to add apps seen on a port-based
Security policy rule to an existing application-based rule.
In some cases, you may want to add applications
learned (seen) on a port-based rule to an application-based rule
that already exists. For example, an administrator may create a
cloned application-based rule for file-sharing applications from
a port-based rule that allows internet access (a port 80/443 rule).
A few days later, the administrator notices that the port-based
internet access rule has seen more file-sharing applications and
wants to add some or all of them to the cloned application-based
rule because cloning another application-based rule for the same
type of application would create an unnecessary rule and complicate
the rulebase.
This example uses file-sharing applications
to show you how to add applications to an existing rule.
- You have already taken the following steps to
clone an application-based rule from the port-based internet access
rule so you can control file-sharing apps:
- Clicked Compare (or the number in Apps Seen) in and filtered the file-sharing applications.
![]()
- Selected the desired file-sharing applications and created a cloned rule.
![]()
- Changed the Service from service-http and service-https to application-default.
- You check the port-based internet access rule later and
discover that more file-sharing applications you need to allow for
your business have been seen on the rule.
![]()
- Select the file-sharing apps you want to add to the existing
rule.
![]()
- Click Add to Existing Rule and
select the Name of the rule to which you
want to add the applications, in this case, file-sharing-apps.
![]()
- Click OK to add the selected applications
to the file-sharing-apps rule.
![]()
- The updated rule now controls the original cloned file-sharing
applications and the applications you just added.
![]()
