Skip to main content

 

 

Cisco Defense Orchestrator

Configure an FTD Template

Prerequisites

Before you create a Firepower Threat Defense (FTD) template, onboard to CDO the FTD from which you will create the template. You can only create an FTD template from an onboarded FTD device.   

We strongly recommend using templates to configure brand new FTD devices being added to your environment. 

Note: When you create a template from an FTD device, the RA VPN objects are not included in the template. 

Create an FTD Template

When creating a template, if you select all parts, the template will include every aspect of that device's configuration; it's management IP address, interface configurations, policy information, and so on. 

If you select some of the parts, the custom template includes the following entities. 

Template Parts Parts included in Custom Template 
Access Rules Includes access control rules and any related entities for those rules. For example, objects and interfaces (with sub-interfaces).
NAT Rules Includes NAT rules and any related entities required for those NAT rules. For example, objects and interfaces (with sub-interfaces).
Settings Includes system settings and any related entities required for those settings. For example, objects and interfaces (with sub-interfaces).
Interfaces  Includes interfaces and sub-interfaces.
Objects Includes objects and any related entities required for those objects. For example, interfaces and sub-interfaces.

Use this procedure to create an FTD template:

  1. In the CDO navigation bar, click Devices & Services.
  2. Use the filter or search field to find the FTD from which you want to create the template. 
  3. In the Device Actions pane on the right, click Create Template
    The Name Template provides the count of each part on the device. It also shows the count of sub-interfaces, if any.
  4. Select the parts that you want to include in the template.
  5. Enter a name for your template.
  6. Click Create Template
  7. In the Parameterize Template area, you can perform the following:
    • To parameterize an interface, hover (until you see curly braces) and click a cell corresponding to that interface.
    • To parameterize a sub-interface, expand the interface that has a sub-interface, and hover (until you see curly braces) and click a cell corresponding to that sub-interface.

You can parameterize the following attributes to enable per-device customization. 

  • Logical Name
  • State
  • IP Address/Netmask

Note: These attributes only support one value per parameter. 

  1. Click Continue.
  2. Review the template and any parameterizations. Click Done to create the template. 

The Devices & Services page now displays the FTD template you just created. 

Note: After creating a template, in the Devices & Services pane, CDO displays the corresponding template part icons to show the parts included in that template. This information also appears in the Device Details pane when you click the device or when you hover over the mouse pointer on the icon.

The following picture shows an example of a part icon to show that the template includes "access rules", "NAT rules", and "objects". 

Custom_Template_Example.jpg

Edit an FTD Template

Edit the template parameters with the following procedure:

  1. In the CDO navigation bar, click Devices & Services.
  2. Use the Model/Template filter to find the template you want to modify.
  3. In the Device Actions pane on the right, click Edit Parameters.
  4. (Optional) make any changes to the parameters by directly editing the text box.
  5. Click Save

You can edit the rest of the FTD template just as you would the configuration of a live FTD device. You can edit your FTD template with the following configurations:

Delete an FTD Template

You delete an FTD just as you would remove an FTD device from CDO:

  1. In the CDO navigation bar, click Devices & Services.
  2. Use the Devices & Services filter and search field to find the FTD template you want to delete.
  3. In the Device Actions pane, click Remove trash.png.
  4. Read the warning message and click OK to delete the template.

 

Related Topics

  • Was this article helpful?