Centralized Firewall Management Administration Guide

Technical Documentation
Table of Contents

Exporting the Firewall Configuration as an Exp Golden Template

The Exp-based Golden Template deploys configurations to the firewall in the same way the backup exp file is deployed on a firewall, thus reducing the number of API calls required to push golden template configuration to firewalls.

To start using the EXP-based template

  1. Choose a source firewall to export the configuration to the EXP-based template.

  2. Update the exp file with essential configurations before deploying it to target firewalls.

    Review the configurations relevant to the Internet connections, as they are crucial for firewalls managed by NSM/Firewall Management.

  3. Ensure that the following settings are set correctly:

    • WAN Zone interfaces are set correctly, either by being assigned to DHCP or static IP assignment mode.
    • HTTPS Port or the HTTPS Management service object.

    If any changes are made to the above configurations in the exported template, NSM/Firewall Management makes the updates in the template before deploying them to firewalls. Any other changes in the EXP-based template are deployed using the API.

To export firewall configuration as an exp golden template

  1. Navigate to Manager View | Home > Firewalls > Inventory page.

  2. Click the Ellipses icon in the ACTION column of which you want to export and select Export to Template.

  3. Enter a template name.

    By the default, Create new Template is enabled.

  4. Enable Zero Touch Provisioning to auto-deploy Template configuration whenever the Firewalls connect to Firewall Management for the first time over Zero Touch.
  5. Enter a Description. This is an optional requirement.
  6. Click Save to export the firewall configuration into the golden template.

  7. Do one of the following:

    • Click Confirm to navigate to the Manager View | Home > Templates inventory page.
    • Click Cancel to create a template on Manager View | Home > Templates page but stay on the Manager View | Home > Firewalls > Inventory page.

     

    • Only the custom objects are exported to the template configuration. This helps you to exclude default configurations and successfully deploy other essential custom objects to factory default firewalls.

    • The following configurations will not be exported to the template:

      • Time
      • VLAN Translation
      • Routing