A template is a basic component that allows you to configure all settings of a firewall: network settings, firewall rules, content filtering rules, intrusion detection system rules, etc. To create a template, go to the LogAn management ➜ Templates section, click Add, and provide a name and optional description for the template.
After creating a template, you can configure its settings. To do that, click LogAn templates in the top menu and select the desired template from the drop-down menu that appears.
Template settings are displayed in a tree view, very similar to how they are presented in LogAn. When configuring templates, follow these rules:
-
If the value of a setting is not defined in the template, nothing will be sent to LogAn. In this case, LogAn will use the default setting or a setting configured by a local administrator.
-
If the value of a setting is specified in the template, it will override the value assigned to the same setting by a local administrator.
After receiving the settings from Management Center, the settings for the following sections can be changed locally on Log Analyzer:
-
general device settings: the General settings tab, Admin Console ➜ Settings section;
-
network interface settings: General settings tab, Network ➜ Interfaces section.
Note The setting will be overridden when this setting is changed by the realm administrator in the LogAn template on UGMC. -
-
When configuring network interfaces, the first configurable physical interface is port1. The port0 interface is not available for configuration from UGMC; it is always configured by a local administrator and required for primary communication between the managed device and UGMC.
-
When configuring network interfaces, you can create an interface and delegate its configuration to a local administrator. To do that, set the Configured on the device flag in the settings for the network interface.
-
Some settings and policy rules offer the option to apply the setting or rule only to a specific device. To do that, go to the Managed devices tab in the setting/rule properties and select the desired managed device. Despite a certain amount of flexibility that this option provides, avoid overusing it because it complicates the understanding of how settings are applied to LogAn device groups.
-
Libraries (e.g., IP addresses, URL lists, content types, etc.) have no predefined content in UGMC, unlike the default libraries created on UserGate devices. To use libraries in UGMC policies, you need first to add items to them.
-
It is recommended to create separate templates for different settings groups to avoid conflicts between settings when templates are combined into template groups and to make it easier to understand the final settings that will be applied to managed devices. For example, you can create separate templates for network settings, libraries, etc.