https://community.cisco.com/t5/network-security/how-to-rollback-a-change-in-the-policy-that-has-not-been/m-p/3946878#M922926 Hi<BR /><BR />Unfortunately you can't. This is an existing enhancement request:<BR /><A href="https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm28872/?rfs=iqvred" target="_blank">https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm28872/?rfs=iqvred</A><BR /><BR />If you have a backup, you can restore it.<BR />I know some guys at the TAC can clear the db but not all are doing this.<BR /><BR />You can go under the system menu then monitoring and audit, you'll be able to see who did the change and click on the detail to see what change has been done.<BR /><BR />If someone has exported the policies, you can re-import then under ACP menu.<BR /> Thu, 24 Oct 2019 02:55:57 GMT Francesco Molino 2019-10-24T02:55:57Z https://community.cisco.com/t5/network-security/how-to-rollback-a-change-in-the-policy-that-has-not-been/m-p/3946791#M922925 <P>I noticed one of the policies on the FMC is out of date i.e not updated/deployed on the Firewall.</P><P>I am not aware what changes were done on the policy and I want to avoid going through each and every rule to find that out.</P><P>Is there way I can rollback changes on the policy to match with the policy that is already on the firewall ?</P> Fri, 21 Feb 2020 17:37:38 GMT https://community.cisco.com/t5/network-security/how-to-rollback-a-change-in-the-policy-that-has-not-been/m-p/3946791#M922925 damode 2020-02-21T17:37:38Z https://community.cisco.com/t5/network-security/how-to-rollback-a-change-in-the-policy-that-has-not-been/m-p/3946878#M922926 Hi<BR /><BR />Unfortunately you can't. This is an existing enhancement request:<BR /><A href="https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm28872/?rfs=iqvred" target="_blank">https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm28872/?rfs=iqvred</A><BR /><BR />If you have a backup, you can restore it.<BR />I know some guys at the TAC can clear the db but not all are doing this.<BR /><BR />You can go under the system menu then monitoring and audit, you'll be able to see who did the change and click on the detail to see what change has been done.<BR /><BR />If someone has exported the policies, you can re-import then under ACP menu.<BR /> Thu, 24 Oct 2019 02:55:57 GMT https://community.cisco.com/t5/network-security/how-to-rollback-a-change-in-the-policy-that-has-not-been/m-p/3946878#M922926 Francesco Molino 2019-10-24T02:55:57Z https://community.cisco.com/t5/network-security/how-to-rollback-a-change-in-the-policy-that-has-not-been/m-p/4801532#M1099008 <P>Latest FTD have option to rollback the policy to last working policy</P> <P><STRONG>configure policy rollback</STRONG><BR />---------------------------------------------------------------------------------------------<BR />[Warning] Perform a policy rollback if the FTD communicates with the FMC on a data interface, and it has lost connectivity due to a policy deployment from the FMC. If the FTD still has connectivity to the FMC, and you want to perform a policy rollback for other purposes, then you should do the rollback on the FMC and not with this command. Note that there will be a traffic drop when you rollback the policy.</P> <P>Checking Eligibility ....<BR />============= DEVICE DETAILS =============<BR />Device Version: 7.3.0<BR />Device Type: FTD<BR />Device Mode: Offbox<BR />Device in HA: false<BR />Device in Cluster: false<BR />Device Upgrade InProgress: false<BR />==========================================<BR />Device is eligible for policy rollback</P> <P>This command will rollback the policy to the last deployment done on Mar 26 15:48.<BR />[Warning] The rollback operation will revert the convergence mode.<BR />Do you want to continue (YES/NO)? Yes</P> <P>Starting rollback...<BR />Deployment of Platform Settings to device. Status: success</P> <P>&nbsp;</P> Sun, 26 Mar 2023 16:23:57 GMT https://community.cisco.com/t5/network-security/how-to-rollback-a-change-in-the-policy-that-has-not-been/m-p/4801532#M1099008 pan 2023-03-26T16:23:57Z