ASM: convert from rapid deployment to comprehensive -- how to

Building a policy using traffic from trusted IPs is always advisable. However, the conversion idea is trickier. Your rapid deployment template-based policies rely heavily on attack signatures, RFC compliance, and other negative security elements. Once you create a policy from a template, you cannot change the template, even if you export it and use it to build a new policy. What is your goal for deploying a policy based on the comprehensive template? The learning and blocking settings for comprehensive are much different than those for rapid deployment: There will be learning suggestions for file types, parameters, URLs, etc. that don't exist in the rapid deployment-based policies. One option would be to export your existing policies, and then modify the learning method (manual or automatic) and the learn, alarm, and block flags for the violations you are interested in implementing to build your new policy. By running trusted traffic, you will certainly reduce the number of false positives, but you should be prepared for some manual tuning.