General discussion

I am embarrassed to say, I have worked with PA fw's for years, but every time I have to work with templates, I end up ruining my day because they make my life difficult. I just don't get them.

Let's say I have 2 templates in a stack, "Network" layer 1 on the bottom, and "VPN" layer 2 on the top.

In Network template, I defined eth1/1 as a public interface.

Then in VPN template, I created a vpn tunnel. But, it has to be tied to an interface, so I had to redefine eth1/1 again here, since it doesn’t see the eth1/1 from the Network template.

But then I try to commit, and get this error, because it says "ethernet1/1 is already I use", which makes sense because I defined it in both layers. This messes me up because the VR can only reside in one layer, which I had in Network. Once I remove eth1/1 from the Network template so the commit works, then the VR and eth1/1 may as well be on different planets, they'll never talk to each other.

So does all the networking have to be defined within the same layer? I guess it would because otherwise you’d have a different VR on each template and they would not mesh together?

Device groups are so much easier to manage because everything flows through, but templates are very constricting.

Take a look at this great video on templates, (which is great but probably out of date as it's v8.x) if you FF to 6:00 it shows he has a Network template, and a LSVPN tempate in a stack. How does this even work, if they both contain networking info, don't they conflict?

Thanks for listening to my ranting, happy to hear what I am missing here.