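Published: 2020-08-19 | Views: 1144 | Downloads: 0 | Author: ggdd2008 | Document ID: EKB1100053725
The USG6655E has a CIS linkage feature. A security policy was first configured on the firewall [the policy specified source zone (trust), destination zone (local), source IP (the CIS address), destination IP (the firewall's local address), and service (tcp:8447)]. After the configuration on the CIS side had been completed, clicking the availability check produced the following result:
The security policy on the firewall was then modified to keep only the source zone (trust), destination zone (local), and source IP (the CIS address). Clicking the availability check again succeeded, as shown in the figure below:
Further testing and analysis showed that with the patch usg66x5e v600r007sph002.pat, a security policy for the CIS linkage scenario whose destination zone is local cannot specify the destination IP or service parameters. The firewall was then upgraded to the latest patch, usg66x5e v600r007sph003.pat. After the upgrade, the precise security policy was reconfigured on the firewall [the policy specified source zone (trust), destination zone (local), source IP (the CIS address), destination IP (the firewall's local address), and service (tcp:8447)]. With the CIS configuration already complete, clicking the availability check succeeded, as shown in the figure below:
Solution: install the latest patch; the problem is resolved.
Note: usg66x5e v600r007sph002.pat cannot be upgraded directly to usg66x5e v600r007sph003.pat, because usg66x5e v600r007sph003.pat is a new patch rather than an incremental patch on top of usg66x5e v600r007sph002.pat. Loading the new patch directly produces the following error: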
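The two security-policy rules described above, side by side, as an added example that is not part of the original case. It is written in USG6000-series security-policy syntax; the addresses are constructed documentation values and the rule names are hypothetical.

```text
# Annotation lines beginning with "#" are explanatory, not commands.
# Constructed values: 192.0.2.10 = CIS server, 192.0.2.1 = firewall
# local address. Rule names are hypothetical.

# (a) Rule that passed the availability check under v600r007sph002:
#     only zones and source address are matched, so every service
#     from the CIS host to the firewall itself is permitted.
security-policy
 rule name cis_linkage_broad
  source-zone trust
  destination-zone local
  source-address 192.0.2.10 mask 255.255.255.255
  action permit

# (b) Precise rule that passes once v600r007sph003 is running:
#     traffic is limited to the firewall's local address on tcp:8447.
security-policy
 rule name cis_linkage_precise
  source-zone trust
  destination-zone local
  source-address 192.0.2.10 mask 255.255.255.255
  destination-address 192.0.2.1 mask 255.255.255.255
  service protocol tcp destination-port 8447
  action permit
```

Once rule (b) passes the availability check, rule (a) should be removed so that the CIS host can reach the firewall's local zone only on tcp:8447.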
HRP_Mpatch load usg66x5ev600r007sph003.pat all run
Error: Failed to load the patch because the patch file cannot be obtained from the service pack.
So the existing patch must be deleted first, as follows:
HRP_Mpatch delete all
This will delete the patch. Are you sure? [Y/N]y
Info: The master board does not have ENP patch to be deleted.
Info: The master board does not have BSP cold patch to be deleted...
Info: Succeeded in deleting the patch on the master board.
Info: The slot 11 does not have C patch to be deleted.
Info: The slot 12 does not have C patch to be deleted.
Info: The slot 13 does not have C patch to be deleted....
Info: Finished deleting the patch.
Then reload the new patch package, as follows:
HRP_Mpatch load usg66x5ev600r007sph003.pat all run
Info: The patch is being loaded. Please wait for a moment....
Info: Succeeded in running the patch on the master board.
Info: The slot 11 does not have C patch to be loaded.
Info: Succeeded in running the patch on slot 12.
Info: Succeeded in running the patch on slot 13.
Info: The master board does not have ENP patch to be loaded.
Info: The master board does not have BSP cold patch to be loaded.....
Info: Finished loading the patch.