Golden configuration template can be used to increase the operational efficiency and minimize configuration errors. Customers with large no of tenants and firewalls (Distributed enterprises and MSSPs) can convert a gold standard device configuration into a template which could be applied to the new devices. The administrator can select a device from the firewall inventory page and export its configuration as a golden template.
Before exporting the firewall configuration into the golden template you must ensure the following prerequisites:
The source and target device model must be running on the same operating system for successful deployments:
If you are exporting a template from Gen6 device, then it is not supported to Gen7 device.
If you are exporting a template from SonicOS, then it is not supported to SonicOSX.
Licenses on both source and target firewalls are same.
The target firewalls are factory reset.
Create device group structure as per the requirement of the organization.
Add unassigned devices to the corresponding groups on which the template is going to be applied.
Ensure that the source firewalls and target firewalls are in Managed state in NSM. If not, then you need to synchronize the firewall before exporting, using the Action column.
It is recommended that you force synchronize the source firewalls which will be exported after upgrading or using a new NSM release. Otherwise, the bug fixes and improvements on the firewall management inside NSM will not be reflected.
Exporting the Firewall Configuration into Template
To export firewall configuration into golden template
Navigate to Manage View > Firewalls > Inventory.
Choose a firewall and click on Export to Template.
On the Export to Template dialog page, enter the Template Name.
To enable automated deployment of the template configuration to Zero-Touch devices when the template is applied to target group(s) or device(s), enable or disable Zero Touch Provisioning option. Offline devices will be updated once they come online.
Enter a valid Description. This is an optional requirement.
Click Save to successfully export the firewall configuration into the golden template.
Only the custom objects are exported to the template configuration. This helps you to exclude default configurations and successfully deploy other essential custom objects to factory default firewalls.
The following configurations will not be exported to the template:
Editing Golden Template
After successfully exporting the firewall configuration into the golden template you will be automatically directed to the Template page.
To edit golden template
Click the new template name or select Edit Template in the Action field to open the Template View.
Navigate to other options in Template View: Device, Network, Object, or Policy.
Manually make changes to the exported configuration and add variables for device specific values as needed.
It is recommended that you do not delete the configurations from View Template Configuration as it breaks dependencies.
Since physical WAN interfaces are not exported, edit physical WAN interface settings under Network > Interfaces in template.
After you update the template, click View Templates Details to view the exported configurations and new edits.
Applying Template to Device Groups or Devices
You need to apply a template to review any apply errors and edit the template if needed to fix the errors.
NSM identifies and groups dependent configurations automatically before committing it to unapplied firewalls.
To apply a template
Click on the Apply Template button on the Template View. You can apply template on the Manager View using on the Action column next to the template that you want to apply.
Select the device group(s) or devices within any group (s) to apply the template.
Committing and Deploying the Updates
Click on Commit & Deploy wizard from the Manager View.
Review devices and changes for deployment.
Create commit and deploy immediately or schedule for deployment later.
Once deployment is complete, review errors and make changes as needed.