Organizations managing multiple Cisco Meraki MX security appliances across sites often want to push out identical configurations — and subsequent setting changes — to them all. Meraki MXs will support template-based networks, a feature that lets network administrators configure one MX network as a master template whose configuration is pushed to other MX networks “bound” to it. This feature will be rolled out in our upcoming firmware update, scheduled for the end of this calendar year.
This greatly simplifies multi-site management. Not only do templates allow you to make configuration changes for several sites at once, but you can create many templates and bind separate networks to them, enforcing varying levels of security across sites.
For example, suppose you oversee a distributed network and want to ensure that all branch location MXs are configured with certain firewall and traffic shaping rules. Other settings — such as addressing, Active Directory authentication, security and content filtering, alerts, dashboard administrator access, and more — could also be configured, but we’ll keep this example simple.
To create a network template, simply go to Organization > Configuration templates in the Meraki dashboard. Select the Add a new template button, name your new template, and choose a network to copy initial settings from if need be.
Once you’ve created an MX template network, it’s time to make configuration changes that will propagate to all other MXs linked or “bound” to it. In our example, you’d now select the network template you just created, and configure site-wide rules throttling and prioritizing certain applications or traffic categories.
When you’re ready to link other MX networks to your template, navigate back to Organization > Configuration templates and click the name of the template you’ve just modified.
You’ll see more details on which MX networks are already linked to this specific template, along with an option to bind more networks to it.
Simply select the wired networks you’d like to bind to the template, and click Bind.
Now, the configuration that you’ve created for your MX template network will propagate to all other MX networks that are linked to it.
A few considerations
First, MX configuration templates differ from the configuration sync tool in that template-bound networks will inherit all settings from the MX template network, and these inherited settings override any locally configured settings. Also, configuration templates are only available to Cisco Meraki MX networks; MX security settings are propagated down to other MXs. You cannot link other Meraki devices — such as APs or switches — to templates.
If you manage dozens of branch locations with MX security appliances, configuration templates can save you lots of time and troubleshooting, as well as help you quickly ensure baseline security across all sites in just a few dashboard clicks. We’re excited by this new enhancement, and encourage you to try it out in your organization. If you’d like to test drive some MXs, please check out our free eval program!