It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Campus Barracuda Campus
Barracuda CloudGen Firewall
Overview Documentation Training Certification Materials

How to Work with Configuration Templates on Different Levels in the Configuration Tree

  • Last updated on

Working with Configuration Templates in the Control Center's configuration tree is possible on three levels:

  • On the global level.
    You can locate the respective node Configuration Templates in the configuration tree at CONFIGURATION > Configuration Tree > Multi-Range > Global Settings.
  • On the range level.
    The Configuration Templates node is hidden by default. For more information, see How to enable Configuration Templates on the Range Level below.
  • On the cluster level.
    You can locate the respective node Configuration Templates in the configuration tree at CONFIGURATION > Configuration Tree > Multi-Range > Global Settings > your range > your cluster.

When you open the configuration tree in the Control Center for the very first time, the Configuration Templates node is only visible on the Global Settings level.

conf_templates_CC_initial_configtree.png

In order to see the Configuration Templates nodes on the global and cluster level, you must first add a range and a cluster that corresponds with your organizational requirements. The following example shows the configuration tree with 1 range and 1 subordinated cluster.

conf_templates_CC_initial_configtree_with_range_and_cluster.png

By default, the Configuration Templates node on the range level is disabled.

How to Enable Configuration Templates on the Range Level

In order to enable Configuration Templates on the range level, you must ensure that there are 'Range' nodes configured. For more information on how to create ranges and clusters, see How to Manage Ranges and Clusters.

Then perform the following steps:

  1. Log into your Control Center.
  2. Go to CONFIGURATION > Configuration Tree > Multi-Range > your range > Range Properties.
  3. Click Lock.
  4. In the section Specific Settings, select yes for Own Configuration Templates
    conf_templates_enable_conf_templates_on_range_level.png
  5. Click Send Changes.
  6. Click Activate.
  7. Go to CONFIGURATION > Configuration Tree. The configuration tree now shows the Configuration Templates node on the global, the range, and the cluster level.
    conf_templates_configuration_templates_on_all_configtree_levels.png

Configuration Templates on the Global, the Range, and the Cluster Level

Configuration templates fully comply with the concept of propagating configuration settings to a different amount of managed instances in the Control Center depending on the level where the configuration has been made in the configuration tree. In fact, the Configuration Templates window looks initially different on the three levels:

Global LevelRange Level

Cluster Level

conf_templates_conf_template_window_on_global_and_range_level_initial.pngconf_templates_conf_template_window_on_global_and_range_level_initial.pngconf_templates_conf_template_window_on_cluster_level_initial.png

On CloudGen firewalls with firmware that provides the Configuration Template feature, multiple example configuration templates are provided only on the cluster level.

Adding an entry at a higher level in the configuration tree will make this entry be displayed on all subordinated levels. As an example, an entry that is added on the global level will be displayed both on the range and the cluster level. If an entry is added to the range level, it will not be displayed on the global, however, it will be displayed on the cluster level.

In order to distinguish such entries that have been entered at higher levels in the configuration tree, these entries are displayed in grey color at the range and the cluster level.

 Template AddedTemplates Displayed on Original LevelTemplates Displayed on Subordinated Levels
Global Levelcgf-Template-GLconf_templates_cgf_template_configured_on_global_level.png-
Range Levelcgf-Template-RLconf_templates_cgf_template_configured_on_range_level.pngconf_templates_new_template_on_clusterl_level_showing_templates_from_global_and_range_levels.png
Cluster Levelcgf-Template-CLconf_templates_cgf_template_configured_on_cluster_level.pngconf_templates_new_template_on_clusterl_level_showing_templates_from_global_and_range_and_cluster_levels.png

Entries in grey color indicate that they can only be modified on their original level.

How to Create/Derive a New Instance from a Template

Basically, creating a new instance is the procedure of duplicating a template on a certain level (global, range, or cluster), while referring it to the original template in terms of inheriting all settings from the template, and at the same time associating it with a certain type of operative instance, e.g., CGF, SC. When you create a new instance, you must be aware that an instance can require you to specify certain settings during creation, e.g., entering certain data for a password, that then will be implicitly associated with the new instance. For this, you must create the required parameter in the template editor.

The following example demonstrates:

  • how to create a template on the global level
  • how to derive an instance from that template that is weakly/strongly bound to the template
  • how those new appliances look in the configuration tree
Step 1. Create a New Template on the Cluster Level in the Configuration Tree

Note that when opening the Configuration Template window on the cluster level, there will already be multiple predefined templates. The image below shows templates created both on the global and the range level.

  1. Log into your Control Center.
  2. Go to CONFIGURATION > Configuration Tree > Multi-Range > your range > your cluster > Configuration Templates.
  3. The Configuration Templates window is displayed.
  4. Click Add Template.
  5. The Add new Template window is displayed.
  6. For Template Name, enter the name of your new template. In this example, the template is referred to by the name cgf-Template-CL.
  7. For Display Name, enter the name to be displayed
    conf_templates_add_new_confTemplate_on_cluster_level.png
  8. Click OK.
  9. Click Activate.
    conf_templates_new_template_on_clusterl_level_showing_templates_only_from_cluster_level.png

The new template you created is displayed in the left view listing the templates, and the green frame marks the new template createdon the cluster level.

If you want, you can repeat Step 1. for two new templates on the global and the range level (cgf-Template-GL, cgf-Template-RL). These two templates are also part of the following images.

Step 2. Create/Derive a New, Strongly Bound Instance from the Configuration Template created on the Cluster Level
  1. Right-click the template cgf-Template-CL in the left view.
  2. Select Lock Template from the list window.
  3. Click Add Instance.
  4. The Add new Template Instance window is displayed.
  5. For Instance name, enter the name for your instance, e.g. my-CGF-instance-CL-sb.
  6. For Display name, enter an individual name to be displayed at other places in the user interface.
  7. For Template Binding, select Strongly Bound.
  8. For Product Type, choose the product type that matches your requirements.
  9. For Appliance Model, choose the appliance model that matches your requirements.
  10. If you have the option to choose the Appliance Sub Model Type, select the appropriate model type.
    conf_templates_add_new_CGF_instance_on_cluster_level_strongly_bound.png
  11. Click OK.
Step 3. Create/Derive a New, Weakly Bound Instance from the Configuration Template created on the Cluster Level
  1. Right-click the template cgf-Template-CL in the left view.
  2. Select Lock Template from the list window.
  3. Click Add Instance.
  4. The Add new Template Instance window is displayed.
  5. For Instance name, enter the name for your instance, e.g. my-CGF-instance-CL-wb.
  6. For Display name, enter an individual name to be displayed at other places in the user interface.
  7. For Template Binding, select Weakly Bound.
  8. For Product Type, choose the product type that matches your requirements.
  9. For Appliance Model, choose the appliance model that matches your requirements.
  10. If you have the option to choose the Appliance Sub Model Type, select the appropriate model type.
    conf_templates_add_new_CGF_instance_on_cluster_level_weakly_bound.png
  11. Click OK.
Step 4. Check the Two New Instances

The new two instances are now displayed in the right list view of the Configuration Template window.

conf_templates_new_instances_created_showing_in_window_on_cluster_level.png

These two new instances now are also displayed in the configuration tree.

conf_templates_strongly_and_weakly_bound_instances_in_configtree.png

The strongly bound instance is displayed as a node that can not be expanded because all subordinated configuration nodes are fully managed by the underlying configuration template framework. Direct changes of the configuration parameters by the user are not possible. This is the safest way of managing large amounts of managed devices in the Control Center.

In contrast, the weakly bound instance is displayed as an ordinary node and enables classical manual configuration in the configuration tree without Configuration Template Manager. However, the price for this option is a potential for configuration conflicts between the automated and the manual configuration.

How to Inspect the Configuration Details for a Configuration-Templates-managed Box in the Configuration Tree

As you can see in the image above, firewall instances are displayed in two ways in the configuration tree:

  • Strongly bound instances – The node is associated with an icon that is smaller than that of an ordinary, manually managed box and that shows a tiny blue pen. This indicates that the configuration can not be modified manually. Therefore, there is no leading '+' sign to expand the node. Double-clicking the node will immediately open the window for Configuration Templates.
  • Weakly bound instances – The node shows a small '+' character left to the node's text description indicating that you can expand the configuration just as for ordinary, manually configured boxes. Also, there is an icon that is smaller than that of an ordinary, manually managed box that shows a tiny yellow pen. This indicates that the configuration may be manually modified although it has been created with Configuration Templates. Double-clicking the node will immediately expand the configuration in the configuration tree.

In some situations, however, it can be necessary to inspect the node's configuration in the configuration tree. You can expand the node of a strongly bound instance if you perform the following steps:

  1. Right-click the node of a strongly bound instance.
  2. Go to CONFIGURATION > Configuration Tree > Multi-Range > your range > your cluster > Boxes > your strongly bound instance.
  3. In the list window click Show Full Box Configuration.
    conf_templates_config_tree_show_full_box_configuration.png

After the box configuration node is expanded, you will see the sub-nodes of the instance with a leading 'key' icon indicating that the configuration is locked.

Note that you can not unlock this type of locked node with the standard menu item command 'Unlock'.

conf_templates_configuration_tree_showing_full_box_configuration.png

If you want to have such a node displayed without its subordinated nodes, you must reconnect with a new session to the configuration tree.