I have somewhat of an idea on how to do this and have a plan to go about it but I could use some extra advice. A couple things:
- We have some older devices that are only capable of 8.1 and a bunch of newer devices on 9.0. Is there a big difference between them when converting to Panorama Templates?
- I have had some recommendations to upgrade to 9.1 that it is more stable and I can utilize Policy optimizer along with BPA prior to converting to Templates. Is this a good idea?
- My biggest challenge right now is converting a close to standard FW to different template stacks. How granular would you get with templates and stacks? Would it be best to create a separate template for each set of things i.e. a template for Global Address Objects, A template for Global Service Objects etc. ? My goal is to create a fairly uniform Global Stack (2 VR, 1 for each ISP, Standard GP setup, Global Rules and Objects etc) that I can use with variables to convert each HA pair to get them as uniform as possible and then apply some regional and/or site level templates to the stacks as needed. Our sites are pretty similarly setup so this should be possible even the current standalone configurations are slightly different.
No comments:
Post a Comment