About Firebox Templates

Applies To: Cloud-managed Fireboxes

Firebox templates provide a way to manage shared configuration settings for multiple cloud-managed Fireboxes. In a Firebox template, you can configure firewall policies and services just as you would on an individual Firebox. Your cloud-managed Fireboxes can then subscribe to the template. When Tier-1 Service Providers create a template, it is available to managed accounts and devices in all accounts below them. You can use template aliases to help you more easily identify a group of hosts, users, or networks in your security policies.

To use Firebox templates to configure Fireboxes, you must:

  • Add the template — Add the template and configure the shared settings. For more information, go to Manage Firebox Templates.
  • Deploy the template — Deploy the template so that settings will be deployed to devices that currently subscribe the template or that subscribe to it in the future. For more information, go to Deploy Firebox Templates.
  • Subscribe devices to the template — After you add and deploy a template, you can apply the template to devices in your account. The template can be inherited by Service Provider accounts that you manage. Fireboxes that use a template are subscribed to the template. Devices allocated to accounts below more than one Service Provider can subscribe to templates from any tier above them. For more information, go to Subscribe a Firebox to a Template.

Firebox Template Configuration Settings

Firebox templates support many of the configuration settings you can configure for an individual Firebox. These settings include:

  • Firewall policies and aliases
  • Exceptions
  • Geolocation
  • Content Filtering
  • Content Scanning
  • Network Blocking
  • Device Settings
  • SNMP Settings
  • Log Servers
  • Technology Integrations
  • Traffic shaping and QoS marking
  • Import configuration settings

The available settings for firewall policies, aliases, services, and exceptions in a template are the same as those you can configure for an individual device. For information about how to create Firebox templates, go to Manage Firebox Templates.

Standard Support licenses do not include all security services. We recommend that you upgrade to the Basic or Total Security Suite to protect your network with these security services. For more information, go to About Firebox Security Services Settings.

Subscribed Devices

Each Firebox can subscribe to multiple templates. Devices allocated to accounts below more than one Service Provider can subscribe to templates from any tier above them. When a Firebox subscribes to templates, the Firebox configuration includes:

  • Settings configured for the device
  • Settings configured in templates the device subscribes to

Each template can have multiple subscribed devices. All devices that subscribe to a template share the template settings.

Example of Firebox template settings on subscribed devices.

When you deploy a change to a template, the template configuration settings are deployed to all subscribed devices.

How Template Settings Combine with Device-Specific Settings

For a Firebox that subscribes to a template, the settings from the template combine with or override other settings configured on the device.

Combine Override

These template settings combine with settings configured on subscribed devices:

  • Firewall policies and aliases
  • Exceptions
  • Geolocation
  • Content Filtering
  • Traffic shaping and QoS marking
  • Import configuration settings

The Firebox uses these settings from all templates it subscribes to.

These template settings override settings configured on subscribed devices:

  • Content Scanning
  • Network Blocking
  • Device Settings
  • SNMP Settings
  • Log Servers

If the Firebox subscribes to more than one template that has these settings configured, the Firebox uses the settings from the first template that has these settings configured.

You can change the order of subscribed templates in the Firebox configuration. For more information, go to Subscribe a Firebox to a Template.

Template Settings in a Firebox Configuration

In the configuration for a Firebox that subscribes to a template, a lock icon indicates that a setting comes from a template, and is not editable in the Firebox configuration. To see the name of the template where a setting is configured, hover over the lock icon.

Screen shot of the Content Filtering settings for a Firebox, with a lock icon and hover text

To edit template configuration settings for subscribed devices, you must edit and deploy the template.

Service Provider Templates

Service Providers can create Firebox templates that are inherited by all accounts they manage. This means that the template is available to devices in all managed accounts. Devices allocated to accounts below more than one Service Provider can subscribe to templates from any tier above them.

Diagram: Example of Firebox template settings added to subscribed devices

Example of Firebox template settings added to devices in two subscriber accounts.

From the Subscriber account, you can subscribe Fireboxes to an inherited template, but you cannot edit the template settings.

When you deploy a change to a Service Provider template, the template changes automatically deploy to all subscribed devices.

For more information about inherited templates, go to Firebox Template Inheritance.

For examples of how to use templates in a Service Provider account, go to Firebox Template Examples for Service Providers.

Related Topics

About Firebox Firewall Settings

About Firebox Security Services Settings

Configure Firebox System Settings

Video tutorial: Cloud-Managed Firebox Templates