Templates in this Use Case

When grouping firewalls for templates, we must take into account the differences in the networking configuration. For example, if the interface configuration is not the same—the interfaces are unlike in type, or the interfaces used are not alike in the numbering scheme and link capacity, or the zone to interface mappings are different—the firewalls must be in separate templates. Further, the way the firewalls are configured to access network resources might be different because the firewalls are spread geographically; for example, the DNS server, syslog servers and gateways that they access might be different. So, to allow for an optimal base configuration, in Use Case: Configure Firewalls Using Panorama we must place the firewalls in separate templates as follows:
  • T_Branch for the branch office firewalls
  • T_Regional for the regional office firewalls
  • T_DataCenter for the data center firewalls
    Device Group Example
    Example_topology_DG1_redo.png
    If you plan to deploy your firewalls in an active/active HA configuration, assign each firewall in the HA pair to a separate template. Doing so gives you the flexibility to set up separate networking configurations for each peer. For example, you can manage the networking configurations in a separate template for each peer so that each can connect to different northbound and southbound routers, and can have different OSPF or BGP peering configurations.

Related Documentation