14.1. LogAn Device Templates

A template is a basic component that allows you to configure all settings of a firewall: network settings, firewall rules, content filtering rules, intrusion detection system rules, etc. To create a template, go to the LogAn management --> Templates section, click Add, and provide a name and optional description for the template.

After creating a template, you can configure its settings. To do that, click LogAn templates in the top menu and select the desired template from the drop-down menu that appears.

Template settings are displayed in a tree view, very similar to how they are presented in LogAn. When configuring templates, follow these rules:

  1. If the value of a setting is not defined in the template, nothing will be sent to LogAn. In this case, LogAn will use the default setting or a setting configured by a local administrator.

  2. If the value of a setting is specified in the template, it will override the value assigned to the same setting by a local administrator.

    The following settings can be edited locally on Log Analyzer after configuration received from Management Center:

    • device general settings configured in the Admin console --> General settings section of the Settings tab;

    • network interfaces properties configured in the Network --> Interfaces section of the Settings tab;

    Note

    Settings will be overwritten with the settings configured in Management Center as soon as the settings are changed in the LogAn template by MC realm administrator.

  3. When configuring network interfaces, the first configurable physical interface is port1. The port0 interface is not available for configuration from UGMC; it is always configured by a local administrator and required for primary communication between the MD and UGMC.

  4. When configuring network interfaces, you can create an interface and delegate its configuration to a local administrator. To do that, set the Configured on the device checkbox in the settings for the network interface.

  5. Some settings and policy rules offer the option to apply the setting or rule only to a specific device. To do that, go to the Managed devices tab in the setting/rule properties and select the desired managed device. Despite a certain amount of flexibility that this option provides, avoid overusing it because it complicates the understanding of how settings are applied to LogAn device groups.

  6. Libraries (e.g., IP addresses, URL lists, content types, etc.) have no predefined content in UGMC, unlike the default libraries created on UserGate devices. To use libraries in UGMC policies, you need first to add items to them.

  7. It is recommended to create separate templates for different settings groups to avoid conflicts between settings when templates are combined into template groups and to make it easier to understand the final settings that will be applied to MDs. For example, you can create separate templates for network settings, libraries, etc.