In a large environment, especially one with rate-limited addresses between sites, client policy replication to management points (MPs) can sometimes fail. The policy then looks fine at the console but is not being picked up by clients. To facilitate testing for this situation, I have written a tool that will allow you to select a policy and then check that policy via HTTP pulls to all of the MPs.
Posted by scomnivore