>
    Panorama > Templates > Template Variables
    Focus
    Download PDF
    Focus
    1. Home
    2. Next-Generation Firewall
    3. Panorama Web Interface
    4. Panorama > Templates
    5. Panorama > Templates > Template Variables
    Download PDF
    Next-Generation Firewall

    Panorama > Templates > Template Variables

    Table of Contents

    Panorama > Templates > Template Variables

    Describes how to add a variable definition for a template or a template stack.
    You can define variables (PanoramaTemplates) for templates and template stacks or you can edit existing variables for an individual device (PanoramaManaged DevicesSummary). Variables are configuration components defined on the template or template stack that provide flexibility and re-usability when you use Panorama to manage firewall configurations. You can use variables to replace:
    • An IP address (includes IP Netmask, IP Range, and FQDN) in all areas of the configuration.
    • Interfaces in an IKE Gateway configuration (Interface) and in an HA configuration (Group ID).
    • Configuration elements in your SD-WAN configuration (AS Number, QoS Profile, Egress Max, Link Tag).
    When you add firewalls to a template stack, they automatically inherit variables that you create for a template or template stack.
    Template Variable Information
    Description
    Name
    The name of the variable definition.
    Template (device and template stack)
    Displays the name of the template to which the variable definition belongs.
    Type
    Displays the type of variable definition:
    • IP Netmask—Define a static IP or network address.
    • IP Range—Define an IP range. For example, 192.168.1.10-192.168.1.20.
    • Hostname—Label or human readable name assigned to a device connected to the network.
    • IPv4 Subnet—Subnet for IPv4 IP addresses. For example, 1.1.1.0/24.
    • IPv6 Subnet—Subnet for IPv6 IP addresses. For example, 5555::00/24.
    • Pre Shared Key—Security key for authentication when configuring a VPN tunnel. Up to 255 ASCII or non-ASCII keys are supported.
    • FQDN—Define a fully qualified Domain Name.
    • Group ID—Define the High Availability Group ID. For more information, see Configuration Guidelines for Active/Passive HA.
    • Device Priority—Define the device priority to indicate a preference for which firewall should assume the active role in an Active-Passive high availability (HA) configuration.
    • Device ID—Define the Device ID to use to assign a device priority valuer in a Active-Active high availability (HA) configuration.
    • Interface—Define a firewall interface on the firewall. Can only be used for an IKE Gateway configuration.
    • AS Number—Define an autonomous system number to use in your BGP configuration.
    • QoS Profile—Define a Quality of Service (QoS) profile to use in QoS configurations.
    • Egress Max—Define an egress max value to use in QoS profile configuration.
    • Link Tag—Define a link tag to use in your SD-WAN configuration.
    Value
    Displays the configured value for the variable definition.
    Add (template and template stack)
    Add a new template variable definition.
    Delete
    Delete an existing template variable definition.
    Clone
    Clone an existing template variable definition.
    Override (template stack and device)
    Overrides an existing template variable definition inherited from the template stack or device. You cannot change the variable type or name and you cannot override device-specific variables.
    Revert (template stack and device)
    To clear any overridden values on the template stack or device level; reverts the overridden variable to its original template variable definition.
    Get values used on device only (device only)
    Populate the selected variable with the value used on the firewall. Requires that a template or template stack variable be already defined and pushed to the firewall before Panorama can retrieve the value. Values fetched from the firewall will Override the template or template stack variable to create a device-specific variable. If no variable definition has been pushed to the firewall, Panorama will return Value not found for that variable.

    New Template Variable Creation

    How to create a new template variable for a template or template stack.
    Add a new template variable definition.
    New Template Variable Definition Information
    Description
    Name
    Name the variable definition. All variable definition names must start with the dollar sign (“$”) character.
    Type
    		Select the type of variable definition: IP Netmask, IP Range, FQDN, Group ID, Device Priority, Device ID, Interface, AS Number, QoS Profile, Egress Max, or Link Tag.
    Value
    Enter the desired value for the variable definition.

    Edit Existing Template Variable

    How to edit an existing template variable for a template or template stack.
    You can edit a template variable definition for a template or template stack at any point after the variable is created (PanoramaTemplates). Manage the template variables to select a variable and edit available values as needed.

    Create or Edit Variable Definition on a Device

    How to create device-specific variable definitions from other devices within the same template stack.
    Go to PanoramaManaged DevicesSummary to create variable definitions or override template variables pushed from a Panorama template or template stack. Template variables include:
    • An IP address (IP Netmask, IP Range, or FQDN) in all areas of the configuration.
    • Interfaces in an IKE Gateway configuration (Interface) or an HA configuration (Group ID).
    • Configuration elements in your SD-WAN configuration (AS Number, QoS Profile, Egress Max, Link Tag).
    Creating a device variable allows you to copy overridden device-specific variables from a device in the same template stack instead of recreating them individually. By default, all variable definitions are inherited from the template or template stack and can be only overridden—you cannot delete or create new variable definitions for an individual device.
    Create device variable definitions by copying variable definitions from existing devices in the template stack or Edit existing device variable definitions.

    © 2025 Palo Alto Networks, Inc. All rights reserved.