How Do Template Stacks Help Me Manage Firewalls?
Managing how firewalls operate in your network can be complex, especially if their locations and functions affect the settings you configure. Firewalls in one country might communicate with a different DNS server than firewalls in another country. Operations center firewalls might have different administrators than branch office firewalls. At the same time, maybe all your firewalls use the same roles for those administrators. You can simplify management by using a Panorama template to configure the settings that are common to all the firewalls in a particular location or functional group. However, if you have to manage both common and unique settings across many firewall groups, templates would be even more useful if you could modularize and reuse a few (building-block templates) to create many combinations. Template stacks make this not only possible, but easy.
Assigning firewalls to a template stack eliminates the need to configure common settings in each template because the firewalls inherit the settings from all the building-block templates in the stack. You can reduce both the number of templates and the number of settings in each by modularizing: create one template with common settings and function- or location-specific templates with unique settings. This approach is a lot less work than configuring all the common and unique settings in each template for each firewall group.
How Do I Configure a Template Stack?
The following infographic describes how to configure a template stack. The steps are:
- Plan the templates and their priority order. If multiple templates have the same settings, the settings in higher priority templates override lower priority templates.
- Create the templates.
- Create the template stack and assign templates (in the desired priority order) and firewalls to the stack.
For detailed instructions, refer to Configure a Template Stack in the PAN-OS 7.1 Administrator’s Guide.