Limitations and Precautions for Smart Policy

Hardware Requirements

The smart policy function is supported by all models.

License Requirements

The smart policy function is not license-controlled.

Limitations

• The Policy Matching Analysis and Application Policy Tuning function do not support hot standby.
• The Policy Redundancy Analysis, Policy Matching Analysis and Application Policy Tuning function are not supported in a virtual system.
• The redundant policy analysis does not support service of the user-defined protocol.
• The device does not implement redundant policy analysis for disabled security policies or the security policies for which no action is specified.
• For the domain group matching condition, the redundant policy analysis determines whether a security policy is redundant based on only the domain group, but not based on domain names in the domain group.
• If the number of security policy rules configured on the device is too large and the matching conditions of the security policy are too complex (for example, the security policy references areas or the address set referenced by the security policy contains too many addresses), the policy redundancy analysis takes a long time.

Precautions

The policy matching analysis function depends on traffic reports. Before using the policy matching analysis function, you have to enable the traffic report function. The traffic report function can be enabled only in CLI mode. For versions earlier than V600R007C20SPC300, run the log type traffic enable command to enable the traffic report function; For V600R007C20SPC300 and later versions, run the log type traffic-report enable command to enable the traffic report function.