: Configure a Template or Template Stack Variable
Focus
Focus

Configure a Template or Template Stack Variable

Table of Contents

Configure a Template or Template Stack Variable

How to create a variable in a template or template stack and push it to firewalls and appliances.
To enable you to more easily reuse templates or template stacks, you can use template and template stack variables to replace IP addresses, Group IDs, and interfaces in your configurations. Template variables are defined at either the template or template stack level and you can use variables to replace IP addresses, IP ranges, FQDN, interfaces in IKE, VPN and HA configurations, and group IDs. If multiple templates in the template stack use different variables for the same configuration object, the variable value inherited by the template stack is based on the order of inheritance described in Templates and Template Stacks. Additionally, you can override a template value using a template stack variable to manage a configuration object from the template stack.
Variables allow you to reduce the total number of templates and template stacks you need to manage, while allowing you to keep any firewall- or appliance-specific values. For example, if you have a template stack with a base configuration, you can use variables to create values that do not apply to all firewalls in the template or template stack. This allows you to manage and push configurations from fewer templates and template stacks while accounting for any firewall- or appliance specific values that you would otherwise need before you can create a new template or template stack.
To create a template or template stack variable:
  1. Create a template and template stack.
  2. Select
    Panorama
    Templates
    and
    Manage
    (Variables column) the template or template stack for which you want to create a variable.
  3. Add
    the new variable.
    A variable name must start with the dollar ( $ ) symbol.
    1. Name the new variable. In this example, the variables are named
      $DNS-primary
      and
      $DNS-secondary
      .
    2. Select the variable
      Type
      and enter the corresponding value for the selected variable type.
      For this example, select
      IP Netmask
      .
    3. Enter the corresponding value for
      Type
      .
    4. Click
      OK
      and
      Close
    Variables can also be created inline where variables are supported.
  4. From the
    Template
    drop-down, select the template or template stack to which the variable belongs.
  5. Enter the variable in the appropriate location.
    For this example, reference the previously defined DNS value.
    1. Select
      Device
      .
    2. From the
      Template
      drop-down, select the template or template stack to which the variable belongs.
    3. Select
      Setup
      Services
      .
    4. Edit the Services.
    5. Type
      $DNS-primary
      or select it from the drop-down for
      Primary DNS Server
      .
    6. Type
      $DNS-secondary
      or select it from the drop-down for
      Secondary DNS Server
      .
    7. Click
      OK
      .
  6. Click
    Commit
    and
    Commit and Push
    your changes to managed firewalls.
    When you push a device group configuration with references to template or template stack variables, you must
    Edit Selections
    and
    Include Device and Network Templates
    .
  7. Verify that the values for all variables were pushed to the managed devices.
    1. From the
      Context
      drop-down, select a firewall that belongs to the template stack for which the variable was created.
    2. Select
      Device
      Setup
      Services
      .
    3. Settings with values defined by a template or template stack are indicated by a template symbol ( ). Hover over the indicator to view to which template or template stack the variable definition belongs. When viewing from the firewall context, the variables display as the IP address you configured for the variable.
  8. Troubleshoot Connectivity to Network Resources to verify your firewalls can access your network resources.

Recommended For You