Creating and Managing Policy Versions

You create a policy version by taking a snapshot of another policy. You can create versions for all types of policies including All Devices, Group, Device, and Device exceptions.

The maximum number of versions maintained for any policy is 60. If the maximum limit is reached, you must delete the unwanted versions before saving a new version. Versioning and rollback are independent operations for each policy.

For example, if you take a snapshot of a group firewall policy, or roll back to a previous firewall policy version, it does not change the version for all device policy rules; you must separately version each policy rule.

Creating Policy Snapshots

Procedure

1. Select Configure and select the landing page for the type of policy for which you are creating a snapshot.
2. From the landing page, select the check box next to the policy for which you are taking a snapshot, and then right-click the policy or click More.

   A list of actions appears.

3. Select Manage/Rollback.

   The Manage Version page appears.

4. Click Create Snapshot.

   The Snapshot Policy page appears.

5. Enter your comments in the Comments field, and click Create to take a snapshot. The Snapshot Policy window appears, showing the status of the version as it is created.

   Note During policy publish, Security Director takes an automatic snapshot of the policy.

Managing Policy Versions

You can view or manage all available versions of a selected policy. You can perform the following tasks on the snapshots:

• Roll back to a specific version.

• View the differences between any two versions (including the current version) of the policy.

• Delete one or more versions from the system.

Rolling Back Policy Versions

Procedure

1. Select Configure and select the landing page for the type of policy for which you are rolling back the policy version.
2. From the landing page, select the check box next to the policy for which you are rolling back a version, and then right-click the policy or click More.

   A list of actions appears.

3. Select Manage/Rollback.

   The Manage Version page appears.

4. Select the version that you want to make as the current version, and click Rollback.

   The rollback operation replaces all the rules and rule groups of the current version with rules and rule groups from the selected version. For all the shared objects, Object Conflict Resolution (OCR) is done. If there are any conflicts between the versioned data and the current objects in the system, the OCR window is displayed.

5. After finishing any conflict resolution, click Next to view the OCR summary report.
6. Click Finish to replace the current policy with the versioned data. A summary of the snapshot policy is shown by clicking Snapshot.

Deleting Policy Versions

Procedure

1. Select Configure and select the landing page for the type of policy for which you are deleting a version.
2. From the landing page, right-click the policy or profile or click More.

   A list of actions appears.

3. Click Manage/Rollback.

   The Manage Version page appears.

4. Select the policy version you want to delete and click Delete.

   A warning message is displayed.

5. Click Yes to confirm the deletion.

   The selected policy version is deleted.

Related Documentation

• Creating Firewall Policies

• Showing and Deleting Unused Policies and Objects

• Editing and Cloning Policies and Objects