Allow DNS-groups or Availability Groups on Centralized Management
If a SUM is hosted inhouse and external UTMs connect only Hosts/DNS-hosts are allowd as destination system (SUM).
If the main WAN connection fails, configuraton can not the altered using the SUM (e.g. to redeploy VPN tunnels to a backup connection (so switch the Tunnel interface))
It would be helpful to have DNS-groups or Availability groups enabled for this purpose.
I understand that the SUM has to be unique for the management to work. So this might be an issue that requires the admin to understand what he does, but the current configuration options do not allow easy failover