Application Security Manager has a Policy Diff feature that lets you compare two security policies, view the differences between them, and copy the settings from one policy to the other. You can use the comparison for auditing purposes, to make two policies act similarly, or to simply view the differences between two security policies. The Policy Diff feature is particularly useful for comparing a security policy in staging and a production version. You can compare active security policies (with or without Policy Builder running), inactive security policies, and exported security policies. When you import security policies that were exported from another system, they are placed in the inactive policies list.
You need to have a user role on the BIG-IP system of Administrator or Web Application Security Editor to use Policy Diff to compare security policies.
|Work on Original||Incorporate changes to one (or both) of the original security policies depending on the merge options you select without making a copy of it.|
|Make a Copy||Make a copy of the security policy into which you are incorporating changes.|
|Work on Copy||Work on a copy of the original security policy. First, a copy is made, then incorporate possible changes on the original policies. If comparing one or more policies with Policy Builder enabled, this option is automatically selected (and the other options become unavailable).|