It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Campus Barracuda Campus
Barracuda WAF Control Center
Overview Documentation Training Materials

Templates

  • Last updated on

Understanding Templates

A template is a reusable configuration file. It represents parts of your Barracuda Web Application Firewall's existing configuration. You can create three types of templates:

  • Full – A Full template represents a configuration object. You can create a new object with the desired settings using the Full template option. For example, a 'Service' template would include all (selected) URL Profiles, Parameter Profiles, Rule Groups, URL ACLs, etc., associated with the service. Typically, a full template includes all the relevant information pertaining to an object. You can edit the values of the parameters if required when creating this template. See Tables 1 and 2 below for more information.
  • Partial – A Partial template represents parts of configuration of an object. With the Partial template, you can update the configuration of existing objects. Applying a partial template can be considered analogous to perform a "Bulk Edit" operation. For example, consider you want to update the Session Timeout value for multiple services. You can create a template with only Session Timeout value modified. When this template is applied on service(s), it only updates the Session Timeout value keeping other parameter values intact.
  • Composite – A Composite template is a group of full templates of the same type of objects. It can be used when you want to migrate multiple objects of the same type from the QA environment to the production environment. For example, you want to copy URL profiles of an application to another application. You can create a template with selected URL profiles and apply it on the application for which these URL profiles needs to be configured. This will create URL profiles for the selected application on the WEBSITES > Website Profiles page.

Note that you cannot edit the values of parameters when creating a Composite template. If you wish to edit the values of certain parameters, download the template, open the XML file and edit the values before importing it.

Object Type and Dependency Objects

A template only contains a reference to "dependency objects". This means that when the template is downloaded and imported on another Barracuda Web Application Firewall, the dependencies are not imported. While using such a template, all dependencies appear as "key" parameters in the "Use Template" wizard and thus the appropriate dependencies can be referenced before applying the template. For example, when importing a template of a HTTPS service, the certificate is not imported. While applying the template, the certificate appears as a "key" parameter in the wizard and one of the existing certificates on the unit can be associated with the service.

Table 1 lists each object type and Objects on which the Object Type is dependent.

Object Type

Dependency Object

Service

  • Rate Control Pool
  • Authentication Service
  • Trusted Hosts Group
  • Session Identifiers
  • Web Firewall Policy
  • Certificate
  • Geo Pool

Server

  • Client Certificate

URL Profile

  • Custom Blocked Attack Types

Parameter Profile

  • Custom Parameter Class

Rule Group Server

  • Client Certificate

URL Policy

  • Rate Control Pool

Secure Browsing Policy

  • Credential Server

URL ACL

  • Response Page

Header ACL

  • Custom Blocked Attack Types

Security Policy

  • Custom Blocked Attack Types

Global ACL

  • Response Page

Data Theft Protection

  • Custom Identity Theft Type

Custom Parameter Class

  • Custom Blocked Attack Types
  • Custom Input Type Validation

Table 2. List of Dependency Objects.

Dependency Object Name

Description

Rate Control Pool

A rate control pool can be created on the ADVANCED > Libraries page.

Authentication Service

An authentication service can be created on the ACCESS CONTROL > Authentication Services page.

Trusted Hosts Group

A trusted hosts group can be created on the WEBSITES > Trusted Hosts page.

Session Identifiers

A session identifier can be created on the ADVANCED > Libraries page.

Web Firewall Policy

A web firewall policy can be created on the SECURITY POLICIES > Policy Manager page.

Certificate

A certificate can be created on the BASIC > Certificates page.

Client Certificate

A client certificate can be associated on the ACCESS CONTROL > Client Certificates page.

Custom Blocked Attack Types

A custom blocked attack type can be created on the ADVANCED > Libraries page.

Custom Parameter Class

A custom parameter class can be created on the ADVANCED > Libraries page.

Credential Server

A credential server can be created on the WEBSITES > Secure Browsing page.

Response Page

A response page can be created on the ADVANCED > Libraries page.

Custom Identity Theft Type

A custom identity theft type can be created on the ADVANCED > Libraries page.

Custom Input Type Validation

A custom input type validation can be created on the ADVANCED > Libraries page.

 

 Creating Templates

You can create service, security policy, and configuration templates and selectively apply (or reset) those templates to connected Barracuda Web Application Firewall devices in the Cloud Control Context view. This allows you to store your templates in a repository and synchronize data as needed. The BASIC > Templates page displays all defined templates in the Template Repository table.

Create a Template

Use the following steps to create a template.

  1. Log into the Barracuda Web Application Firewall Control Center as the Barracuda Web Application Firewall Control Center Account Admin, and go to the BASIC > Templates page.
  2. From the Create From Appliance drop-down menu, select the appliance, and then click Create Template; the Create Template wizard displays.
  3. click on the Barracuda Web Application Firewall in the left pane that you want to use to create the source object for your template. The view changes to the Proxy (Product) context display the Barracuda Web Application Firewall web interface for the selected device.
  4. Define your source object for the template. Go to the ADVANCED > Templates page. Note: You can also define services and policies within the web interface, for example BASIC > Services, and then click Import Template to add a new template of that particular object type.
  5. Click Create Template to define a new template. The template created is a self-contained object. For example, a 'Service' template would include all (selected) URL Profiles created for that service, Parameter Profiles, Rule Groups, URL ACLs etc. In short, a template would include all the relevant information pertaining to that object and not just the primary values. For information on object type and dependency objects, see Object Type and Dependency Objects and List of Dependency Objects.
  6. In the Create Template window, enter a unique Name to represent the template. The name can include alphanumeric characters and underscores (_). Any other special characters such as space, semicolon, asterisk, periods (.), hyphens (-), etc. are not allowed.
  7. Select the Template Format:
    1. Full - Creates a template for an object, which includes all configuration under that object. For example, a 'Service' template would include all (selected) URL Profiles created for that service, Parameter Profiles, Rule Groups, URL ACLs etc. In short, a template would include all the relevant information pertaining to that object and not just the primary values. You can edit the values of the parameters if required when creating this template.
    2. Composite - Creates a template for a particular object type. Composite template is useful when you want multiple instances of the same object type in a single template. For example, consider "Server" as your "Template Type". This will list all servers configured under each service. Select the servers which you want to include in the template and click Create. Note that you cannot edit the values of configuration parameters when creating a Composite template. If you wish to edit the values of certain parameters, download the template, open the XML file and edit the values before importing it. For more information on how to edit a composite template, see Edit Template.
    3. Template Type - Select an object type for which you want to create a template. For example, Service, Server, URL Profile, Parameter Profile.
    4. Based On - Select the object for which you want to create a template. For example, service1.
  8. Click Create. The new template is added to the list of Available Templates.
  9. Click on your user name in the left pane to switch back to the Cloud Control Context:
  10. In the Barracuda Web Application Firewall Control Center web interface, go to BASIC > Templates.
  11. From the Import drop-down menu, select the device where you created the source object; all source objects available on the selected device display:
  12. Select the source object you want to import, and then click Import. The table populates with your selections.
  13. In the Actions column for the new service, click Use; the available destinations display in a new window. The Use operation allows you to apply a template to selected destinations. For example, if you are applying a URL Profile template, the destination option can be a 'Service', because a URL Profile logically exists within a Service. If you are using a "Full" template, the Use template wizard displays different key parameters for each object. For a Composite template, the Use template wizard displays only the Destination field.

Expand the available options to select those devices to which to push the template: