Distributing a Policy to the Network55When you feel comfortable with the policies, you can remove the test mode to fullyimplement the policies into your system.Distributing a Policy to the NetworkDistributing a policy consists of sending a policy out to one or more EFW devices. Thisdistribution happens whenever you assign a new device set to a policy or save a policy ora rule set that is used by a policy. If a device is not online when the Management Consoleinitiates the action, the policy is distributed to the device when the Policy Server receivesthe next wake-up or heartbeat from the device. If you do wish to check whether or notthe policy being enforced on a NIC is current, or to immediately update it, or both, use theStatus button on the NIC window.When a policy or new configuration information is distributed to EFW devices after savingit, you see a window indicating the progress of its distribution. The following counts willappear in the window: Pending—Distribution processing for these devices has not yet completed. Successful—Policy or configuration information has been successfully distributed tothese devices. Failed—The system encountered an error condition before attempting to contact adevice. The policy may contain an unresolveable IP address or may be too large for thetarget device. The system may not have a primary or backup policy server available forthe device, or encountered some other unexpected error when preparing to performthe distribution. This distribution is attempted again (and may fail again) when thedevice next sends a wake-up or heartbeat, assuming the policy or configurationchange that initiated this distribution remains in place. Skipped—Devices have not yet made first contact with the domain, so a distributionwas not attempted. Distribution is attempted again when devices make first contact,assuming the policy or configuration change that initiated this distribution remainsin place. Timed Out—Devices did not respond to the distribution. Devices may be offline,there may be network problems that prevent the device from being reached, or thePolicy Server did not receive an acknowledgement from the NIC that it received thedistribution. Distribution is attempted again when the device next sends a wake-up orheartbeat, assuming the policy or configuration change that initiated this distributionremains in place.NOTE: Removing a rule that was in test mode may cause different audit records tobe generated for rules in test mode that came after it in the ACL. The differenceoccurs because only one (the first) audit record is generated for each packet due toa test mode rule.NOTE: You cannot distribute a policy to an EFW device if that system is running in alow power mode, such as standby. Also a NIC that is in a low power mode is notshown as responding.NOTE: If the Failed, Skipped, or Timed Out count is non-zero, click the Details buttonto display a list of NICs to which the policy could not be distributed and the details onthe errors.