Moving prefilter rules to an access control policy

You can move prefilter rules from a prefilter policy to the associated access control policy.

Before you begin

Note the following conditions before you proceed:

Only prefilter rules can be moved to an access control policy. Tunnel rules cannot be moved.
The prefilter rules can be moved only to an access control policy that uses the prefilter policy. Because you can use the same prefilter policy in multiple access control policies, you need to select the policies to which the rule should be moved.
The prefilter rules that use interface groups to define interface criteria cannot be moved. You can move only those rules that use security zones, or that include no interface criteria.
The Action parameter in the prefilter rule is changed to a suitable action in the access control rule when moved.
- Analyze becomes allow.
- Block becomes block.
- Fastpath becomes trust.
The logging configuration in the rule is retained.
The comments in the prefilter rule configuration are lost after moving the rule. However, a new comment is added in the moved rule mentioning the source prefilter policy.
While moving rules from the source policy, if another user modifies those rules, you are warned. You can continue with the process after refreshing the page.

Step 1

In the prefilter policy editor, select the rules that you want to move with a left-click on your mouse.

Tip	To select multiple rules, use Shift+click.

Step 2

Right-click the selected rules and choose Move to another policy.

Step 3

Select the destination access control policies and click Add to add them to the list of selected policies.

Step 4

From the Place Rules drop-down list, choose where you want to position the moved rules:

To position as the last set of rules in the Default section, choose At the bottom (within the Default section).
To position as the first set of rules in the Mandatory section, choose At the top (within the Mandatory section).

Step 5

Click Move.