About Applying FTD Templates
Before applying a template, you can identify its contents by navigating to the Devices & Services page and filtering for Model/Template. CDO displays the corresponding template part icons to show the parts included in that template. This information also appears in the Device Details pane when you click the device or when you hover the mouse pointer over the icon.
You can parameterize the following attributes to enable per-device customization, which means you can apply device-specific values at the time of applying the template:
When applying the FTD template, you can change the parameterized values of interfaces and subinterfaces configured when creating the template.
Apply a Complete Template
Applying a complete Firepower Threat Defense (FTD) template to create a new FTD entirely overwrites any existing configuration on the FTD, including any staged changes that have not yet been deployed from CDO to the device. Anything on the device that was not included in the template will be lost.
Apply a Template with Custom IPS Policies
Templates derived from a device with Snort 3 enabled can only be applied to devices that also have Snort 3 enabled. Due to the variability in rules supported and processed by Snort 2 and Snort 3, applying a template configured for Snort 2 cannot fully support and protect a device running Snort 3. See Switching from Snort 2 to Snort 3 for more information.
Apply a Custom Template
Applying a custom Firepower Threat Defense (FTD) template to other FTDs will retain or remove the existing configuration based on the template part. The following table provides the changes that occur after applying the custom template on other FTD devices.
|Template Parts||After Applying Custom Template|
Applying the template to a device is a three-step process.
The following conditions must be met prior to applying a template:
- When using a template, be sure that any changes you have made to the template have been committed and that the template is in the "Synced" state on the Devices & Services page.
- When using an FTD device as a template, be sure that any changes on CDO you intended to deploy to the device have been deployed and that there are no changes from the FDM console that have not been deployed. The device must show a Synced state on the Devices & Services page.
Apply Template to an FTD
Important: Before you deploy the changes to the device, continue to the next procedure: Review Device and Networking Settings.
You can use change request tracking to apply a tracking label to your changes before you apply the template. Use the following procedure to apply an FTD template:
- (Optional) Before you apply another template to your FTD device, make a template of that device. This gives you a configuration backup you can reference when you need to reapply device and networking settings.
- In the CDO navigation bar, click Devices & Services.
- Use the Devices & Services filter and search field to find the FTD device or template to which you are going to apply the template.
Note: If you change the name of the template at this point, you are applying a full device configuration or template to DeviceName. Deploying this change to DeviceName will overwrite the entire configuration running on that device.
- In the device Actions pane on the right, click Apply Template.
- Click Select Template and select the desired template and click Continue.
- Configure the following, clicking Continue on each screen:
- Map Interfaces: Confirm or change the mapping of interfaces between the template and the device. Note that you cannot have more than one template interface mapped to a single device interface; if the interface configuration is not supported, you cannot continue and apply the template.
- Fill Parameters: Customize the interface or sub-interface parameter values for the device that you are applying the template to.
- Review: Review the template configuration and click Apply Template when you are ready to overwrite the existing device configuration with the configuration in the template.
- Click Review and deploy now the changes you made, or wait and deploy multiple changes at once.
Review Device and Networking Settings
When creating an FTD template, CDO copies the entire device configuration into the template. So, things like the management IP address of the original device are contained in the template. Review these device and network settings before you apply the template to a device:
- Review these FTD device settings to ensure that they reflect the correct information for the new FTD device:
- Review the Firepower access control policy to ensure that rules reference the new FTD's IP addresses where appropriate.
- Review inside_zone and outside_zone security objects to ensure they reference the correct IP address for the new FTD.
- Review NAT policies to ensure they reference the correct IP addresses for the new FTD.
- Review Interface configurations to ensure that they reflect the correct configuration for the new FTD.
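One way to support the review above is to scan the staged configuration for addresses that belonged to the device the template was made from. This is an added example, not part of the Cisco documentation; the dictionary layout, field names and addresses are constructed for illustration and do not represent a CDO export format.

```python
import ipaddress
import re

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def walk(node, path=""):
    """Yield (path, string) for every string leaf in nested dicts and lists."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{path}/{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk(value, f"{path}[{index}]")
    elif isinstance(node, str):
        yield path, node

def find_stale_references(config, source_addresses):
    """Return sorted (path, address) pairs that still use a source-device address."""
    stale = {ipaddress.ip_address(a) for a in source_addresses}
    hits = []
    for path, text in walk(config):
        for literal in IPV4.findall(text):
            try:
                addr = ipaddress.ip_address(literal)
            except ValueError:
                continue  # looks like an address but is not one, e.g. 999.1.1.1
            if addr in stale:
                hits.append((path, literal))
    return sorted(hits)

# Constructed sample (hypothetical layout): addresses of the device the
# template came from, and the configuration staged for the new device.
SOURCE_DEVICE_ADDRESSES = ["192.0.2.10", "198.51.100.1"]
STAGED_CONFIG = {
    "device": {"hostname": "branch-02", "management_ip": "192.0.2.10"},
    "access_rules": [
        {"name": "allow-mgmt", "destination": "192.0.2.10/32"},
        {"name": "allow-web", "destination": "203.0.113.20"},
    ],
    "security_zones": {"inside_zone": ["10.20.0.1"], "outside_zone": ["198.51.100.1"]},
    "nat": [{"name": "pat-out", "translated": "198.51.100.1"}],
    "interfaces": [{"name": "outside", "ipv4": "203.0.113.2/30"}],
}

if __name__ == "__main__":
    for path, addr in find_stale_references(STAGED_CONFIG, SOURCE_DEVICE_ADDRESSES):
        print(f"{path}: still references {addr}")
```

Each reported path is a setting to correct before deploying, since it would otherwise carry the original device's address onto the new FTD.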