Create and Manage Policy Versions

You create a policy version by taking a snapshot of another policy. You can create versions for all types of policies including All Devices, Group, Device, and Device exceptions.

The maximum number of versions maintained for any policy is 60. If the maximum limit is reached, you must delete the unwanted versions before saving a new version. Versioning and rollback are independent operations for each policy.

For example, if you take a snapshot of a group firewall policy, or roll back to a previous firewall policy version, it does not change the version for all device policy rules; you must separately version each policy rule.

Create Policy Snapshots

Procedure

To create a policy version:

  1. Select Configure > IPS Policy > Policies.
  2. Select the check box next to the policy for which you are taking a snapshot, and then right-click the policy or click More.

    A list of actions appears.

  3. Select Manage/Rollback Policy.

    The Manage Version page appears.

  4. Click Create Snapshot.

    The Snapshot Policy page appears.

  5. Enter your comments in the Comments field, and click Create to take a snapshot. The Snapshot Policy window appears, showing the status of the version as it is created.

    Note During policy publish, Security Director takes an automatic snapshot of the policy.

Manage Policy Versions

You can view or manage all available versions of a selected policy. You can perform the following tasks on the snapshots:

Roll Back Policy Versions

Procedure

To roll back the selected version so it becomes the current version:

  1. Select Configure > IPS Policy > Policies.
  2. Select the check box next to the policy for which you are rolling back a version, and then right-click the policy or click More.

    A list of actions appears.

  3. Select Manage/Rollback Policy.

    The Manage Version page appears.

  4. Select the version that you want to make as the current version, and click Rollback.

    The rollback operation replaces all the rules and rule groups of the current version with rules and rule groups from the selected version. For all the shared objects, Object Conflict Resolution (OCR) is done. If there are any conflicts between the versioned data and the current objects in the system, the OCR window is displayed.

  5. After finishing any conflict resolution, click Next to view the OCR summary report.
  6. Click Finish to replace the current policy with the versioned data. A summary of the snapshot policy is shown by clicking Snapshot.

Compare Policy Versions

Procedure

To compare two different versions of a policy:

  1. Select Configure > IPS Policy > Policies.
  2. Select the check box next to the policy for which you want to compare versions, and then right-click the policy or click More.

    A list of actions appears

  3. Select Manage/Rollback Policy.

    The Manage Version page appears.

  4. Select the versions to be compared, and click Compare. You can only compare two versions at a time.

    The Compare Versions page appears.

  5. Click Compare to view the results.

    A Compare Versions results window appears showing the differences between the selected versions.

The Compare Versions results window has the following sections:

Delete Policy Versions

Procedure

To delete a policy version:

  1. Select Configure > IPS Policy > Policies.
  2. Right-click the policy or profile or click More.

    A list of actions appears.

  3. Click Manage/Rollback Policy.

    The Manage Version page appears.

  4. Select the policy version you want to delete and click Delete.

    A warning message is displayed.

  5. Click Yes to confirm the deletion.

    The selected policy version is deleted.

Related Documentation