I understand that there are a number of restrictions with managing the auxiliary FW when in HA Active-Active mode.
However, the permissions logic for 'classifying' cloud applications does not make sense given the firewalls maintain separate lists.
In email logs for example the FWs also keep separate lists in HA Active-Active mode, but allow me to manipulate email in quarantine, for example, on the separate list from the auxiliary FW.
However when trying to classify cloud applications on the auxiliary FW the insufficient permission pop-up appears not allowing you to make the change. As I mentioned I dont think this makes sense given the aux FW maintains a separate list, and the aux FW cloud applications list cant be seen and managed anywhere else (primary FW or Sophos Central).
The workaround is to switch the primary and auxiliary FW and then make the change, but this is clumsy and seems an unnecessary step.
Have I got this wrong? Is there a better way than switching Pri-Aux. If not then I suggest a permsission logic change in a future update.
Thanks
This thread was automatically locked due to age.