Along with these application rules and use of Policy Optimizer to sort out traffic, what strategies are people using to determine what the essential applications are for inbound traffic? I've got a few rules that are port based and should be fairly specific as to the applications used, yet there are 60+ applications listed as seen on the rule. This doesn't seem likely, and in a few instances even looking at the rule doesn't show what I'd expect for an application.
For example, we have an inbound rule to a NetScaler for VMware Horizon traffic, and yet I see things like ms-ds-smb-base, mssql-db-base and ssh, which aren't likely valid traffic, but I see no Blast or Vmware-view application listed, even though Blast is the only protocol we use and it appears there is an application designation for Blast.
It would seem the inbound rules are the most important to tackle first, but the types of services being used require me to be careful not to break anything mission critical.
For what it is worth, there are warning signs (the red triangle) next to many of the applications listed, which would seem to be a good indication that these aren't valid traffic.
(This may warrant another topic and if so I'll create one.)
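One way to get past the "60+ applications seen on the rule" view is to go back to the traffic log itself and rank, per rule, which App-IDs actually carried completed sessions versus the ones that only show up as aged-out, reset or zero-byte noise. The script below is an added example written for this thread, not code from the original post or from Palo Alto Networks. It assumes a CSV export of the traffic log with the columns `Rule`, `Application`, `Destination Port`, `Session End Reason` and `Bytes` (the column names and the sample rows are constructed for illustration; adjust them to match your export), and the 5% share threshold is an arbitrary starting point.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample export, not real firewall data. The column names are an
# assumption about the traffic-log CSV export; rename them to match yours.
SAMPLE_LOG = """Rule,Application,Destination Port,Session End Reason,Bytes
Inbound-Horizon,blast,443,tcp-fin,1500000
Inbound-Horizon,blast,443,tcp-fin,2300000
Inbound-Horizon,blast,8443,tcp-fin,910000
Inbound-Horizon,ssl,443,tcp-fin,88000
Inbound-Horizon,incomplete,443,aged-out,0
Inbound-Horizon,ms-ds-smb-base,443,aged-out,120
Inbound-Horizon,mssql-db-base,443,aged-out,60
Inbound-Horizon,ssh,443,tcp-rst,400
Inbound-Citrix,citrix,443,tcp-fin,500000
"""

# Session end reasons that mean the conversation never really completed.
# A session that only ever ends this way is weak evidence that the app is
# legitimately in use on the rule (scanners and probes look exactly like this).
INCONCLUSIVE_END = {"aged-out", "tcp-rst", "policy-deny", "threat"}


def parse_log(text):
    """Parse the CSV export into a list of row dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def summarize(rows):
    """Build rule -> app -> {sessions, bytes, completed, ports} from log rows."""
    def empty():
        return {"sessions": 0, "bytes": 0, "completed": 0, "ports": Counter()}

    out = defaultdict(lambda: defaultdict(empty))
    for r in rows:
        s = out[r["Rule"]][r["Application"]]
        s["sessions"] += 1
        s["bytes"] += int(r["Bytes"])
        if r["Session End Reason"] not in INCONCLUSIVE_END:
            s["completed"] += 1          # data actually flowed both ways
        s["ports"][r["Destination Port"]] += 1
    return out


def triage(summary, rule, min_share=0.05):
    """Split the apps seen on one rule into (keep, review).

    keep   : at least min_share of the rule's sessions AND at least one
             session that ended normally.
    review : everything else - probes, scans, the 'incomplete' placeholder,
             and apps that never finished a handshake on this rule.
    """
    apps = summary[rule]
    total = sum(a["sessions"] for a in apps.values())
    keep, review = [], []
    # Most-seen first; ties keep their order of first appearance in the log.
    for name, a in sorted(apps.items(), key=lambda kv: -kv[1]["sessions"]):
        share = a["sessions"] / total if total else 0.0
        if name != "incomplete" and a["completed"] and share >= min_share:
            keep.append(name)
        else:
            review.append(name)
    return keep, review


if __name__ == "__main__":
    summary = summarize(parse_log(SAMPLE_LOG))
    for rule in summary:
        keep, review = triage(summary, rule)
        print(f"{rule}: keep={keep} review={review}")
        for app in review:
            s = summary[rule][app]
            print(f"  {app}: {s['sessions']} session(s), "
                  f"{s['completed']} completed, ports {dict(s['ports'])}")
```

Run against a real export, the "review" list is the set of App-IDs you would expect to be able to drop from a port-based rule without breaking anything, because no session using them ever completed; the "keep" list is what to compare against the applications the rule is actually meant to carry. Note that `ssl` lands in "keep" here because its sessions did complete; whether that is Blast that App-ID could not identify further is something to confirm from the firewall's own session details rather than assume.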