Migrating local rules on a firewall to manage them in SMC

When a pool of firewalls in production is connected to SMC, proceed as follows to manage in SMC the rules that already exist on a firewall:

  1. Import rules from a firewall onto the SMC server by following the procedure set out in Importing rules from connected firewalls.
  2. Refer to the Use case examples for ideas on how to organize the newly imported rules.
  3. In SMC, deploy the rules on the firewall in question. They will appear in the firewall's global policy and will be applied with priority.
  4. Ensure that this new organization functions properly.
  5. If necessary, define a "Block all" rule as the last low-priority rule in the MySMC folder so that the rules found in the firewalls' local security policy are ignored.
  6. When the process is complete, delete the rules that have been migrated from the firewall's local policies to SMC.

If you do not create a "Block all" rule as the last rule in SMC, local filter and NAT rules, i.e., those created directly on a firewall, will be read after global rules (originating from SMC).
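
The evaluation order described above can be modeled to check, before deleting local rules, which flows still depend on them. This is an added illustration, not SMC code or a Stormshield API. The rule fields, first-match semantics, implicit final block, rule names and sample flows are all assumptions constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    action: str           # "pass" or "block"
    src: str              # CIDR; "0.0.0.0/0" means any
    dst: str
    port: Optional[int]   # None means any port

    def matches(self, src, dst, port):
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and self.port in (None, port))

def decide(global_rules, local_rules, flow):
    """Global (SMC) rules are read first, then local ones; first match wins."""
    for tier, rules in (("global", global_rules), ("local", local_rules)):
        for rule in rules:
            if rule.matches(*flow):
                return tier, rule.name, rule.action
    return "default", "implicit", "block"   # assumed default when nothing matches

def flows_decided_locally(global_rules, local_rules, flows):
    """Flows whose verdict still comes from a local rule (not yet migrated)."""
    return [f for f in flows if decide(global_rules, local_rules, f)[0] == "local"]

# Constructed sample data: one rule already migrated, one still local only.
GLOBAL = [Rule("smc-web", "pass", "10.0.0.0/8", "192.0.2.10/32", 443)]
LOCAL = [Rule("local-web", "pass", "10.0.0.0/8", "192.0.2.10/32", 443),
         Rule("local-legacy-ftp", "pass", "10.0.0.0/8", "192.0.2.20/32", 21)]
BLOCK_ALL = Rule("Block all", "block", "0.0.0.0/0", "0.0.0.0/0", None)
FLOWS = [("10.1.1.5", "192.0.2.10", 443), ("10.1.1.5", "192.0.2.20", 21)]

if __name__ == "__main__":
    for label, policy in (("without Block all", GLOBAL),
                          ("with Block all", GLOBAL + [BLOCK_ALL])):
        print(label)
        for flow in FLOWS:
            print("  ", flow, "->", decide(policy, LOCAL, flow))
    print("still local:", flows_decided_locally(GLOBAL, LOCAL, FLOWS))
```

Any flow reported as still decided locally points to a rule that has not been migrated: adding the "Block all" rule or deleting the local policy would change its verdict.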