Use this feature to configure Access Control Lists (ACLs) on a managed device that do not directly reflect the ACLs configured on the controller. Specifically, a user can override the user-configured ACLs on the controller (generally inherited by the managed devices) so that ACLs allowing specific types of traffic from the controller-only are pushed to managed devices.