Centralized Firewall Management Administration Guide

Technical Documentation>  Best Practices>  Templates Best Practices
Table of Contents

Templates Best Practices

Configuration templates allow administrators to effectively deploy and manage common configurations across a group of firewalls, which minimizes the administration efforts and time. For more information, refer to Templates.

Follow these recommendations to better utilize and apply the templates feature:

  • Adding more firewalls than the maximum recommended firewalls per template might result in high latency. The maximum recommended number of firewalls per template in SaaS and On-Premises is 1000.

  • Limit configurations within a single template. Create multiple templates to segment configurations, making it easier to identify and resolve errors.

    Keep dependent configurations within the same template to avoid issues.

  • If a template includes many configuration changes—such as add, modify, or delete—create a new template for onboarding new firewalls. Include only the final configuration to minimize unnecessary API operations, prevent customer confusion, and avoid deployment delays.
  • Use the Export/Import CSV feature to populate variable values if a template includes many variables across multiple firewalls. This helps prevent manual entry errors and avoids session timeouts.

Prerequisites and Best Practices for using Golden Templates

  • Ensure that the source and target firewalls:

    • Are running the same firmware version for successful deployments
    • Are of the same models
    • Licenses are identical

    • Are in In Sync state

      If the firewall is not In Sync state, synchronize according to Synchronizing a Firewall Configuration with Firewall Management.

      NSM/Firewall Management does not export pending configurations from the source firewall as part of the golden template. Apply all pending configurations to the source firewall before exporting the template.

  • Ensure that the target firewall is reset to factory settings.
  • Create a device group structure as per the requirements of the organization. For more information, refer to Device Groups.
  • Whenever applicable, use the EXP-based golden template introduced in NSM 3.2.0. This feature exports the source firewall configuration as an exp based template, making it easier to standardize deployments across multiple environments and reduce configuration errors. For more information, refer to Exporting the Firewall Configuration as an Exp Golden Template.
  • Some configurations will not be exported to the template. For more information, refer to the Unsupported Template Configurations.
  • Review the WAN interface settings before applying the template to the target firewalls.
Chat