Understanding Templates and Groups

Use templates to define a common device configuration and then reuse that configuration information across multiple devices. In a template, you can define only those configuration parameters that you want to set; you do not need to specify a complete device configuration. Templates provide two benefits:

When you apply a template to a device, NSM applies the template settings to the device. For example, you can create a template that specifies the IP address of the NTP server to which all managed security devices synchronize their clocks. You can apply this template to the configuration of each device in your domain so that all devices use the same NTP server. You can apply the same template to different types of security devices, from NetScreen-5XT appliances to NetScreen-5200 systems.

A template contains all possible fields for all possible devices. Not all devices have all fields. You can apply a template to any device. NSM will ignore any fields that do not apply to the given device.

A template can refer to other templates, enabling you to combine multiple templates into a single template. When you make changes to any of the referenced templates, those changes are propagated through the combined template.

Note: For more information on using templates, template limitations, and exporting and importing device templates, see Network and Security Manager Administration Guide. For instructions on creating and applying templates, see the Network and Security Manager Online Help topics “Adding Device Templates” and “Applying Templates.”

Using Global Device Templates

In NSM, you can make global-domain templates available for reference in subdomains. However, if an administrator disables the Allow use of global templates in subdomains flag in the preferences, the administrator must also identify and remove all uses of the global templates in the subdomains. You can do this by removing the template from subdomain devices with the template operations directive in each relevant subdomain.

Using Device Groups

Use device groups to organize your managed devices, making it easier for you to configure and manage devices within a domain. You can group devices by type (such as all the NetScreen-5GTs in a domain), by physical location (such as all the security devices in the San Jose office), or logically (such as all the security devices in sales offices throughout western Europe).

Groups enable you to execute certain NSM operations on multiple security devices at the same time. For example, if you have a group of the same type of devices running similar ScreenOS versions, you can upload the firmware on all devices in the group at the same time. You can also add devices to the NSM UI, place the devices in a group, and then import the device configurations for all devices in the group at one time.

The devices that you add to a group must exist; that is, you must have previously added or modeled the devices in the domain. You can group devices before configuring them. You can add a device to more than one group. You can also add a group to another group.

Note: You cannot apply a template to a group. You must apply templates to individual devices in a group. If you need to apply the same set of templates to multiple devices, you can create a single template that includes all the templates that are to be applied to a device, and then apply the combined template to each device. For examples on creating a device group or configuring device information, see Network and Security Manager Administration Guide.

Related Documentation