About Applying Firepower Threat Defense Templates
Applying a Firepower Threat Defense (FTD) template to create a new FTD completely overwrites any existing configuration on the FTD, including any staged changes that have not yet been deployed from CDO to the device.
Applying the template to a device is a three-step process.
Apply Template to Firepower Threat Defense Device
- (Optional) Before you begin, make a template of your FTD device before you apply another template to it. This gives you a configuration backup you can reference when you need to reapply device and networking settings.
- (Optional) Use change request tracking to apply a tracking label to your changes before you apply the template.
- In the CDO navigation bar, click Devices & Services.
- Use the Devices & Services filter and search field to find the FTD to which you are going to apply the template.
- In the device Actions pane on the right, click Apply Template.
- Select a template or an existing onboarded FTD device to use as a template.
- When using a template, be sure that any changes you have made to the template have been committed and that the template is in the "Synced" state on the Devices & Services page.
- When using an FTD device as a template, be sure that any changes on CDO that you intended to deploy to the device have been deployed and that there are no changes on the device itself that have not been deployed and then read back into CDO. The device must show a Synced state on the Devices & Services page.
- Read the warning: You are applying a full device configuration or template to DeviceName. Deploying this change to DeviceName will overwrite the entire configuration running on that device.
- Click Apply when you are ready to overwrite the existing device configuration with the configuration in the template.
- Dismiss the success message.
- Important: Before you deploy the changes to the device, continue to the next procedure, Reapply Device and Network Settings.
Review Device and Networking Settings
When creating an FTD template, CDO copies the entire device configuration into the template, so settings such as the management IP address of the original device are contained in the template. Review these device and network settings before you apply the template to a device:
- Review these FTD device settings to ensure that they reflect the correct information for the new FTD device:
- Review the Firepower access control policy to ensure that rules reference the new FTD's IP addresses where appropriate.
- Review inside_zone and outside_zone security objects to ensure they reference the correct IP address for the new FTD.
- Review NAT policies to ensure they reference the correct IP addresses for the new FTD.
- Review Interface configurations to ensure that they reflect the correct configuration for the new FTD.
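The review above can be backed by a scripted check. The following is an added example, not part of the original documentation or of CDO: it assumes the template settings are available as a nested dictionary (the `TEMPLATE` layout, `SOURCE_DEVICE_IPS`, and the function names are hypothetical, and the data is constructed) and lists every setting that still refers to an address of the original device, whether as a host, a subnet, or a range.

```python
import ipaddress
import re

# Matches IPv4 hosts, CIDR networks, and "a-b" ranges inside config strings.
TOKEN = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})(?:/(\d{1,2})|-(\d{1,3}(?:\.\d{1,3}){3}))?")

def covers(token_match, stale):
    """True if the host, network, or range in token_match contains the stale address."""
    first, prefix, last = token_match.groups()
    try:
        if prefix is not None:
            if int(prefix) == 0:
                return False  # "any" is not a device-specific reference
            return stale in ipaddress.ip_network(f"{first}/{prefix}", strict=False)
        lo = ipaddress.ip_address(first)
        hi = ipaddress.ip_address(last) if last else lo
        return lo <= stale <= hi
    except (ValueError, TypeError):
        return False  # not a valid IPv4 value, or an address-family mismatch

def find_stale(node, stale_ips, path=""):
    """Walk a nested dict/list and return (path, value, stale_ip) for every hit."""
    stale = [ipaddress.ip_address(ip) for ip in stale_ips]
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            hits += find_stale(value, stale_ips, f"{path}/{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            hits += find_stale(value, stale_ips, f"{path}[{i}]")
    elif isinstance(node, str):
        for m in TOKEN.finditer(node):
            hits += [(path, node, str(ip)) for ip in stale if covers(m, ip)]
    return hits

# Constructed sample: a hypothetical, simplified view of a template's settings.
TEMPLATE = {
    "management": {"ip": "192.0.2.10"},
    "interfaces": [{"name": "outside", "address": "198.51.100.2/30"}],
    "zones": {"inside_zone": ["inside"], "outside_zone": ["outside"]},
    "nat": [{"original": "10.1.1.0/24", "translated": "198.51.100.2"}],
    "access_rules": [{"name": "mgmt-in", "dest": "192.0.2.8-192.0.2.12"},
                     {"name": "web", "dest": "0.0.0.0/0"}],
}
SOURCE_DEVICE_IPS = ["192.0.2.10", "198.51.100.2"]  # addresses of the original device

if __name__ == "__main__":
    for path, value, ip in find_stale(TEMPLATE, SOURCE_DEVICE_IPS):
        print(f"{path}: {value!r} still covers {ip}")
```

Each reported path is a setting to correct for the new FTD before the changes are deployed.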