Deploying UGMC at an enterprise requires careful planning. The better the architectural design of your templates and template groups, the simpler and more flexible will be the process of applying management policies to UserGate devices. UGMC allows you to apply common policies efficiently by grouping them based on geography, functionality, or a mix of different aspects.
When planning your architecture, consider these recommendations:
-
Avoid settings conflicts when adding templates to template groups. Conflicts always complicate the management of endpoint MDs. This is the fundamental principle that underlies all recommendations outlined below.
-
Assign different settings groups to different templates so that, e.g., a first template contains common MD settings, a second contains content filtering policies, a third firewall policies, a fourth IDPS policies, etc. By sorting settings groups into different templates, you can prevent conflicts between settings and simplify centralized management.
-
Create device-specific settings in different templates than those where global settings are created. For example, create a template with content filtering rules applicable to all MDs and another template with content filtering rules applicable only to a specific device group. By varying the position of these two templates in the device groups, the administrator can set the correct order of final rules on endpoint devices. This recommendation assumes a manageable number of conflicting settings.
-
Bear in mind the rights of local administrators. If you intend to have local administrators, their rights will be restricted by settings configured outside of UGMC templates, and any rules created by local administrators are always placed between pre- and post-rules applied from UGMC.
Consider several typical UGMC implementation scenarios where the MC is used to manage UserGate NGFWs.