Set of Templates with Per-Module Settings, Some Module-Specific Settings for a Certain Managed Device Group, Network Configured Locally

Settings are grouped into templates, each of which contains the settings for a specific module, making it possible to avoid settings conflicts. All templates taken together form a centrally managed policy applied to all managed devices in the company. For managed devices that need a device-specific policy, separate templates are added. Network interfaces are configured by local administrators.

This scenario is recommended for most enterprises. An example configuration is shown in the figure below.

image5

In this example, the templates contain the following settings:

  • General-Settings Template: the global settings (timezone, logging level, DNS servers, etc.)

  • General-IDPS Template: the global intrusion detection system policies

  • General-CF Template: the global content filtering policies

  • General-FW Template: the global firewall policies

  • Retail-CF Template: the content filtering policies specific to retail units.