The affected device uses the same base access-control policy (and same pre-filter policy) as all our other inline firewalls. Where we have sites that need additional rules, we create a child policy that inherits from the base access-control policy. I...