Applies To: Cloud-managed Fireboxes
Firebox templates provide a way to manage shared configuration settings for multiple cloud-managed Fireboxes. In a Firebox template, you can configure firewall policies and services just as you would on an individual Firebox, and then apply that template to multiple cloud-managed Fireboxes. You can use template aliases to help you more easily identify a group of hosts, users, or networks in your security policies.
To use Firebox templates to configure Fireboxes, you must:
- Add the template — Add the template and configure the shared settings. For more information, see Manage Firebox Templates.
- Deploy the template — Deploy the template so that settings will be deployed to devices that currently subscribe the template or that subscribe to it in the future. For more information, see Deploy Firebox Templates.
- Subscribe devices to the template — After you add and deploy a template, you can apply the template to devices in your account. Fireboxes that use a template are subscribed to the template. For more information, see Subscribe a Firebox to a Template.
Firebox Template Configuration Settings
Firebox templates support many of the configuration settings you can configure for an individual Firebox. These settings include:
- Firewall policies and aliases
- Content Filtering
- Content Scanning
- Network Blocking
- Device Feedback
- Log Servers
- Technology Integrations
The available settings for firewall policies, aliases, services, and exceptions in a template are the same as those you can configure for an individual device. For information about how to create Firebox templates, see Manage Firebox Templates.
Each Firebox can subscribe to multiple templates. When a Firebox subscribes to templates, the Firebox configuration includes:
- Settings configured for the device
- Settings configured in templates the device subscribes to
Each template can have multiple subscribed devices. All devices that subscribe to a template share the template settings.
When you deploy a change to a template, the template configuration settings are deployed to all subscribed devices.
How Template Settings Combine with Device-Specific Settings
For a Firebox that subscribes to a template, the settings from the template combine with or override other settings configured on the device.
These template settings combine with settings configured on subscribed devices:
The Firebox uses these settings from all templates it subscribes to.
These template settings override settings configured on subscribed devices:
If the Firebox subscribes to more than one template that has these settings configured, the Firebox uses the settings from the first template that has these settings configured.
You can change the order of subscribed templates in the Firebox configuration. For more information, see Subscribe a Firebox to a Template.
Template Settings in a Firebox Configuration
In the configuration for a Firebox that subscribes to a template, a lock icon indicates that a setting comes from a template, and is not editable in the Firebox configuration. To see the name of the template where a setting is configured, hover over the lock icon.
To edit template configuration settings for subscribed devices, you must edit and deploy the template.
Service Provider Templates
Service Providers can create Firebox templates that are inherited by all accounts they manage. This means that the template is available to devices in all managed accounts.
From the subscriber account, you can subscribe Fireboxes to an inherited template, but you cannot edit the template settings.
When you deploy a change to a service provider template, the template changes automatically deploy to all subscribed devices.
For more information about inherited templates, see Firebox Template Inheritance.
For examples of how to use templates in a Service Provider account, see Firebox Template Examples for Service Providers.