If you had Web Security policies prior to upgrading your environment, you'll find them in
a new editable Snippet called “web-sec-migration”. If you had targeted rules specific
for GlobalProtect, Explicit Proxy, or Remote Networks, your find them in a separate
snippet that's attached to the relevant scope.
So you don't encounter any functional changes to your configuration, snippets have
already associated with their correct level, but you'll need to perform a full ("All
Admin" scope) before your commits can function.