Configure a Template or Template Stack Variable

How to create a variable in a template or template stack and push it to firewalls and appliances.
To enable you to more easily reuse templates or template stacks, you can use template and template stack variables to replace IP addresses, Group IDs, and interfaces in your configurations. Template variables are defined at either the template or template stack level and you can use variables to replace IP addresses, IP ranges, FQDN, interfaces in IKE, VPN and HA configurations, and group IDs. Variables defined in the template override variables defined in the template stack because template configurations have higher priority than template stack configurations. Variables allow you to reduce the total number of templates and template stacks you need to manage, while allowing you to keep any firewall- or appliance-specific values. For example, if you have a template stack with a base configuration, you can use variables to create values that do not apply to all firewalls in the template or template stack. This allows you to manage and push configurations from fewer templates and template stacks while accounting for any firewall- or appliance specific values that you would otherwise need before you can create a new template or template stack.
To create a template or template stack variable:
  1. Log in to the Panorama Web Interface.
  2. Create a template and template stack.
    1. Add a Template
    2. Configure a Template Stack.
  3. Select PanoramaTemplates and Manage (Variables column) the template or template stack for which you want to create a variable.
  4. Add the new variable.
    A variable name must start with the dollar ( $ ) symbol.
    1. Name the new variable. In this example, the variables are named $DNS-primary and $DNS-secondary.
    2. Select the Variable type and choose IP Netmask, IP Range, FQDN, Group ID, or Interface. For this example, address.
    3. Enter the corresponding value for Type.
    4. Click OK and Close
    Variables can also be created inline where variables are supported.
    template-variable-creation.png
  5. From the Template drop-down, select the template or template stack to which the variable belongs.
  6. Enter the variable in the appropriate location.
    For this example, reference the previously defined DNS value.
    1. Select DeviceSetupServices and edit Services.
    2. Type $DNS-primary or select it from the drop-down for Primary DNS Server.
    3. Type $DNS-secondary or select it from the drop-down for Secondary DNS Server.
    4. Click OK.
  7. Click Commit and Commit and Push your changes to managed firewalls.
    When you push a device group configuration with references to template or template stack variables, you must Edit Selections and Include Device and Network Templates.
  8. Verify that the values for all variables were pushed to the managed devices.
    1. From the Context drop-down, select a firewall that belongs to the template stack for which the variable was created.
    2. Select DeviceSetupServices.
    3. Settings with values defined by a template or template stack are indicated by a template symbol ( icon_template_variable.png ). Hover over the indicator to view to which template or template stack the variable definition belongs. When viewing from the firewall context, the variables display as the IP address you configured for the variable.
      template-variable-example.png
  9. Troubleshoot Connectivity to Network Resources to verify your firewalls can access your network resources.

Related Documentation