Apply an FDM Template

Before applying a template, you can identify its contents by navigating to the Inventory page and filter for Model/Template. Cisco Defense Orchestrator displays the corresponding template part icons to show the parts included in that template. This information also appears in the Device Details pane when you click the device or when you hover over the mouse pointer on the icon.

You can parameterize the following attributes to enable per-device customization, which means you can apply device-specific values at the time of applying the template:

When applying the FDM-managed device template, you can change the parameterized values of interfaces and subinterfaces configured when creating the template.

Apply a Complete Template

Applying a complete FDM-managed device template to create a new FDM-managed device overwrites entirely any existing configuration on the FDM-managed device, including any staged changes that have not yet been deployed from CDO to the device. Anything on the device that was not included in the template will be lost.

Apply a Custom Template

Applying a custom FDM-managed device template to other FDM-managed devices will retain or remove the existing configuration based on the template part. The following table provides the changes that occur after applying the custom template on other FDM-managed devices.

Template Parts

After Applying Custom Template

Access Rules

  • New access control rules present in the custom template overwrites any existing access control rules on the device.

  • New objects and interfaces (with sub-interfaces), if any, in the custom template are applied to the device without deleting any existing objects and interfaces.

NAT Rules

  • New NAT rules present in the custom template overwrites any existing NAT rules on the device.

  • New objects and interfaces (with sub-interfaces), if any, in the custom template are applied to the device without deleting any existing objects and interfaces.

Settings

  • New system settings from the custom template are applied to the device without deleting any existing system settings.

  • New objects and interfaces (with sub-interfaces), if any, in the custom template are applied to the device without deleting any existing objects and interfaces.

Interfaces

  • New interfaces and sub-interfaces from the custom template are applied to the device without deleting any existing interfaces and sub-interfaces.

  • CDO does not allow applying a template to a device where more interfaces are defined in the template than there are interfaces on the device.

Objects

  • New objects from the custom template are applied to the device without deleting any existing objects.

  • New interfaces and sub-interfaces, if any, in the custom template are applied to the device without deleting any existing interfaces and sub-interfaces.

Prerequisites

The following conditions must be met prior to applying a template:

  • When using a template, be sure that any changes you have made to the template have been committed and that the template is in the "Synced" state on the Inventory page.

  • When using an FDM-managed device as a template, be sure that any changes on CDO you intended to deploy to the device have been deployed and that there are no changes from the firewall device manager console that have not been deployed. The device must show a Synced state on the Inventory page.

Applying the template to a device is a three-step process.

  1. Apply the template to the device

  2. Review device and network settings

  3. Deploy the changes to the device