[RayPesek]

You really don't want to do that. When you push a policy, even if the SmartCenter is behind the firewall, the connection is to the EXTERNAL interface, through the firewall if need be. If you disable the external interface, you're probably hosed.

"fw unloadlocal" is not totally benign because it leaves the enforcement module unable to protect itself. On a Nokia, that's not necessarily bad. On a Windows enforcement module, it's not so good. :-)

Stopped logging? Can you SSH to it and make sure it's not out of disk space? When it can't contact the SmartCenter, it will begin to log locally.

I presume your SmartCenter is behind this firewall?

Ray