A template is a basic component that allows you to configure all settings of a firewall: network settings, firewall rules, content filtering rules, intrusion detection system rules, etc. To create a template, go to the NGFW management --> Templates section, click Add, and provide a name and optional description for the template.
After creating a template, you can configure its settings. To do that, click NGFW templates in the top menu and select the desired template from the drop-down menu that appears.
Template settings are displayed in a tree view, very similar to how they are presented in a UserGate NGFW. When configuring templates, follow these rules:
-
If the value of a setting is not defined in the template, nothing will be sent to the UserGate NGFW. In this case, the UserGate NGFW will use the default setting or a setting configured by a local UserGate NGFW administrator.
-
If the value of a setting is specified in the template, it will override the value assigned to the same setting by a local administrator.
The following settings can be edited locally on NGFW after configuration received from Management Center:
-
device general settings configured in the UserGate --> General settings section of the Settings tab;
-
network interfaces properties configured in the Network --> Interfaces section of the Settings tab.
Note
Settings will be overwritten with the settings configured in Management Center as soon as the settings are changed in the NGFW template by MC realm administrator.
-
-
Policy rules do not override rules created by a local administrator but supplement them as pre- and post-rules instead. For more details on how rules are applied, see the section Templates and Template Groups.
-
When configuring network interfaces, the first configurable physical interface is port1. The port0 interface is not available for configuration from UGMC; it is always configured by a local administrator and required for primary communication between the MD and UGMC.
-
When configuring network interfaces, you can create an interface and delegate its configuration to a local administrator. To do that, set the Configured on the device checkbox in the settings for the network interface.
-
Some settings and policy rules offer the option to apply the setting or rule only to a specific device. To do that, go to the Managed devices tab in the setting/rule properties and select the desired managed device. Despite a certain amount of flexibility that this option provides, avoid overusing it because it complicates the understanding of how settings are applied to UserGate NGFW groups.
-
Libraries (e.g., IP addresses, URL lists, content types, etc.) have no predefined content in UGMC, unlike the default libraries created on UserGate NGFW devices. To use libraries in UGMC policies, you need first to add items to them. Library items are not synchronized; if a list was created but is not used in any policy, this list will not appear in a NGFW library section.
-
It is recommended to create separate templates for different settings groups to avoid conflicts between settings when templates are combined into template groups and to make it easier to understand the final settings that will be applied to MDs. For example, you can create separate templates for network settings, firewall rules, content filtering rules, libraries, etc.