Settings are grouped into templates, each of which contains the settings for a specific module, making it possible to avoid settings conflicts. All templates taken together form a centrally managed policy applied to all managed devices in the company. For managed devices that need a device-specific policy, separate templates are added. Network interfaces are configured by local administrators.
This scenario is recommended for most enterprises. An example configuration is shown in the figure below.
In this example, the templates contain the following settings:
-
General-Settings Template: the global settings (timezone, logging level, DNS servers, etc.)
-
General-IDPS Template: the global intrusion detection system policies
-
General-CF Template: the global content filtering policies
-
General-FW Template: the global firewall policies
-
Retail-CF Template: the content filtering policies specific to retail units.