Best Practices for Templates

I think it largely depends on what your environment looks like. We have a "common" template where most things set up on the "device" tab are the same across all firewalls and then we have site specific templates. We combine those into site stacks.

Basically anyways.

If you need to override things for certain sites you can take advantage of the hierarchy of templates in a stack. Put a template that mangles your log forwarding at the top of your stack and that firewall is incapacitated without needing to edit the template for everyone

We tried using variables and it caused us problems. We have Palo Alto resident engineer on staff, and he and I don’t like variables. I’m just thinking that 360 Network templates and stacks is a lot and a potential nightmare.

Recently we had to disable logging for a specific location because of bandwidth issues. Unfortunately this was in a shared template and we had to stop logging for a number of sites at the same time.

I really just don’t like doing interface configurations locally.

It's normal, but that doesn't mean you can't improve :) (been there done that) Have you considered using variables? That can help cut down on some templates where most things are generic, but one or a few settings are unique (GlobalProtect, high availability,...) In most cases I've ended up with 3-5 shared templates (regional, global, management, some special issues)