Create the mapping under Services > Application Visibility & Control > Applications and Services
Create a Traffic Classification Rule and define the port number and protocol.
In PI2.0 this gets set under the Inventory Collection setting.Goto Administration > System SettingsChoose Inventory on left side panelUncheck the option "Enable Syslog and Traps on a device"
One method I use to fail-open if all your PSN's are unavailable is to use the EEM to monitor the switch syslog.This script inserts a "permit ip any any" on your first line of the default acl. Hope this helps.event manager applet default-acl-fallback...