Local alternative policies
SMC administrators can now define up to three local alternative policies which can be activated in cases where the connectivity between the NGFW Engine and the Management Server is lost. The administrators can select whether the normal policy (one pushed from the Management Server) or one of the local alternative policies is active on the NGFW Engine.
This capability provides limited support for NGFW backup use case where the centralized server may not be available and the local administrators may have a need to change the policy due to some tactical reason. However, there are few limitations with the current implementation:
- Only single engines are supported (Firewall, IPS or Layer2 Firewall).
- Master and virtual contexts are not supported.
- ECA Client configuration may not work properly when switching active policy.