10-23-2019 05:41 PM - edited 02-21-2020 09:37 AM
I noticed that one of the policies on the FMC is out of date, i.e. not updated/deployed on the firewall.
I am not aware of what changes were made to the policy, and I want to avoid going through each and every rule to find that out.
Is there a way I can roll back the changes on the policy so that it matches the policy that is already on the firewall?
10-23-2019 07:55 PM
03-26-2023 09:23 AM - edited 03-26-2023 09:23 AM
The latest FTD has an option to roll back the policy to the last working policy:
configure policy rollback
---------------------------------------------------------------------------------------------
[Warning] Perform a policy rollback if the FTD communicates with the FMC on a data interface, and it has lost connectivity due to a policy deployment from the FMC. If the FTD still has connectivity to the FMC, and you want to perform a policy rollback for other purposes, then you should do the rollback on the FMC and not with this command. Note that there will be a traffic drop when you rollback the policy.
Checking Eligibility ....
============= DEVICE DETAILS =============
Device Version: 7.3.0
Device Type: FTD
Device Mode: Offbox
Device in HA: false
Device in Cluster: false
Device Upgrade InProgress: false
==========================================
Device is eligible for policy rollback
This command will rollback the policy to the last deployment done on Mar 26 15:48.
[Warning] The rollback operation will revert the convergence mode.
Do you want to continue (YES/NO)? Yes
Starting rollback...
Deployment of Platform Settings to device. Status: success
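The eligibility block printed by `configure policy rollback` is what decides whether answering YES is safe. The following is an added example, not code from the thread or from Cisco: it parses that block (a constructed transcript modelled on the output above) and applies a conservative gating policy that an automated runbook could use before answering the prompt. The rule that HA or cluster members require a manual rollback is this example's own choice, not a documented Cisco restriction.

```python
"""Parse the eligibility output of the FTD `configure policy rollback` command
and decide whether an automated runbook should answer YES at the prompt.

Added example, not from the original thread or from Cisco. SAMPLE_OUTPUT is a
constructed transcript that mirrors the format shown in the post; the gating
policy in rollback_decision() is an assumption made for this example.
"""
import re

# Constructed sample transcript, modelled on the post's CLI output.
SAMPLE_OUTPUT = """\
Checking Eligibility ....
============= DEVICE DETAILS =============
Device Version: 7.3.0
Device Type: FTD
Device Mode: Offbox
Device in HA: false
Device in Cluster: false
Device Upgrade InProgress: false
==========================================
Device is eligible for policy rollback
This command will rollback the policy to the last deployment done on Mar 26 15:48.
[Warning] The rollback operation will revert the convergence mode.
Do you want to continue (YES/NO)?"""

# "Device <field>: <value>" lines inside the DEVICE DETAILS block
_DETAIL_RE = re.compile(r"^(Device[^:]+):\s*(.+?)\s*$", re.MULTILINE)
# Timestamp of the deployment the rollback would restore
_LAST_DEPLOY_RE = re.compile(r"last deployment done on (.+?)\.\s*$", re.MULTILINE)
_BOOL_FIELDS = ("Device in HA", "Device in Cluster", "Device Upgrade InProgress")


def parse_eligibility(output):
    """Return device details, eligibility flag, warnings and target deployment."""
    details = {k.strip(): v for k, v in _DETAIL_RE.findall(output)}
    for key in _BOOL_FIELDS:  # normalise true/false fields to Python booleans
        if key in details:
            details[key] = details[key].lower() == "true"
    match = _LAST_DEPLOY_RE.search(output)
    return {
        "details": details,
        "eligible": "Device is eligible for policy rollback" in output,
        "last_deployment": match.group(1) if match else None,
        "warnings": [ln.strip() for ln in output.splitlines()
                     if ln.startswith("[Warning]")],
    }


def rollback_decision(parsed):
    """Decide whether an automated run may answer YES; returns (ok, reason)."""
    d = parsed["details"]
    if not parsed["eligible"]:
        return False, "device reported as not eligible"
    if d.get("Device Upgrade InProgress"):
        return False, "upgrade in progress"
    if d.get("Device in HA") or d.get("Device in Cluster"):
        # Assumed policy for this example: HA/cluster members need a human
        return False, "device is an HA or cluster member; manual rollback required"
    if parsed["last_deployment"] is None:
        return False, "could not determine the deployment the rollback would restore"
    return True, f"rollback to deployment of {parsed['last_deployment']}"


if __name__ == "__main__":
    parsed = parse_eligibility(SAMPLE_OUTPUT)
    ok, reason = rollback_decision(parsed)
    print("answer YES" if ok else "answer NO", "-", reason)
    for warning in parsed["warnings"]:
        print(warning)
```

In practice the output would come from an interactive SSH session to the FTD's management CLI, captured up to the `(YES/NO)?` prompt; the decision function is then what stands between the automation and a traffic-dropping rollback, and it should also surface the warnings (the convergence-mode revert, the traffic drop) to whoever is approving the run.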