About Firebox Templates
Applies To: Cloud-managed Fireboxes
Firebox templates provide a way to manage shared configuration settings for multiple cloud-managed Fireboxes. In a Firebox template, you can configure firewall policies and services just as you would on an individual Firebox. Your cloud-managed Fireboxes can then subscribe to the template. When Tier-1 Service Providers create a template, it is available to managed and delegated accounts and devices in all accounts below them. You can use template aliases to help you more easily identify a group of hosts, users, or networks in your security policies.
To use Firebox templates to configure Fireboxes, you must:
- Add the template — Add the template and configure the shared settings. For more information, go to Manage Firebox Templates.
- Deploy the template — Deploy the template so that settings will be deployed to devices that currently subscribe the template or that subscribe to it in the future. For more information, go to Deploy Firebox Templates.
- Subscribe devices to the template — After you add and deploy a template, you can apply the template to devices in your account. The template can be inherited by Service Provider accounts that you manage or have delegated access to. Fireboxes that use a template are subscribed to the template. Devices allocated to accounts below more than one Service Provider can subscribe to templates from any tier above them. For more information, go to Subscribe a Firebox to a Template.
Firebox Template Configuration Settings
Firebox templates support many of the configuration settings you can configure for an individual Firebox. These settings include:
- Firewall policies and aliases
- Exceptions
- Geolocation
- Content Filtering
- Content Scanning
- Network Blocking
- Device Settings
- SNMP Settings
- Log Servers
- Technology Integrations
- Traffic shaping and QoS marking
- Import configuration settings
The available settings for firewall policies, aliases, services, and exceptions in a template are the same as those you can configure for an individual device. For information about how to create Firebox templates, go to Manage Firebox Templates.
Standard Support licenses do not include all security services. We recommend that you upgrade to the Basic or Total Security Suite to protect your network with these security services. For more information, go to About Firebox Security Services Settings.
Subscribed Devices
Each Firebox can subscribe to multiple templates. Devices allocated to accounts below more than one Service Provider can subscribe to templates from any tier above them. When a Firebox subscribes to templates, the Firebox configuration includes:
- Settings configured for the device
- Settings configured in templates the device subscribes to
Each template can have multiple subscribed devices. All devices that subscribe to a template share the template settings.
When you deploy a change to a template, the template configuration settings are deployed to all subscribed devices.
How Template Settings Combine with Device-Specific Settings
For a Firebox that subscribes to a template, the settings from the template combine with or override other settings configured on the device.
Combine | Override |
---|---|
These template settings combine with settings configured on subscribed devices:
The Firebox uses these settings from all templates it subscribes to. |
These template settings override settings configured on subscribed devices:
If the Firebox subscribes to more than one template that has these settings configured, the Firebox uses the settings from the first template that has these settings configured. You can change the order of subscribed templates in the Firebox configuration. For more information, go to Subscribe a Firebox to a Template. |
Template Settings in a Firebox Configuration
In the configuration for a Firebox that subscribes to a template, a lock icon indicates that a setting comes from a template, and is not editable in the Firebox configuration. To see the name of the template where a setting is configured, hover over the lock icon.
To edit template configuration settings for subscribed devices, you must edit and deploy the template.
Service Provider Templates
Service Providers can create Firebox templates that are inherited by all accounts they manage, including delegated accounts. This means that the template is available to devices in all managed accounts. Devices allocated to accounts below more than one Service Provider can subscribe to templates from any tier above them.
From the Subscriber account, you can subscribe Fireboxes to an inherited template, but you cannot edit the template settings.
When you deploy a change to a Service Provider template, the template changes automatically deploy to all subscribed devices.
For more information about inherited templates, go to Firebox Template Inheritance.
For examples of how to use templates in a Service Provider account, go to Firebox Template Examples for Service Providers.
About Firebox Firewall Settings
About Firebox Security Services Settings
Configure Firebox System Settings
Video tutorial: Cloud-Managed Firebox Templates