1
votes
Very often sites require different rules depending on what is required. By using a global policy you have no choice but to push the same config to all appliances. Having the ability to create, as an example, a firewall rule to block all outgoing traffic for site A,D and E, then we can push this one specific rule to site A, D and E's firewall app only. The current process is to use a master policy which will overwrite the entire config. Not every config is the same for every client. Being able to create individual rules for specific apps and pushing it to the specific appliance is great.