Config Templates
Config Templates define the baseline configuration for edge devices. Instead of manually configuring every setting on each edge, you create a template once and apply it during provisioning — physical interfaces, logical ports, routing, NAT, WireGuard, SSH, IPFIX, BGP, and DHCP are all set up in one operation.
Who Can Use Templates
Config Templates are available to SuperAdmins and TenantAdmins with create/update permissions. Navigate to Equipment > Config Templates in the sidebar.
Template Types
| Type | Description | Editable | Deletable |
|---|---|---|---|
| System | Built-in baseline templates provided by the platform. Read-only. | No | No |
| Custom | Templates you create or duplicate from system templates. Fully editable. | Yes | Yes |
System templates provide sensible defaults for each edge model. To customize them, use the Duplicate action to create an editable copy.
Default Templates
One template per edge model can be marked as the Default. The default template is automatically suggested when provisioning new edges of that model. Setting a new default automatically unsets the previous one.
- Tenant-specific defaults take priority over global defaults
- You can have different defaults per tenant
Templates List
The Config Templates page displays all available templates in a table:
| Column | Description |
|---|---|
| Template Name | Name and description |
| Edge Model | Device model (e.g., VSR1000) |
| Default | Blue badge if this is the default template for its model |
| Type | "System" (gray) or "Custom" (green) |
| Actions | Duplicate, Edit, Delete (custom templates only) |
Quick Actions
- Create Template — Opens the template editor for a new custom template
- Duplicate — Creates an editable copy of any template (including system templates) with "(Copy)" appended to the name
- Edit — Opens the template editor for a custom template
- Delete — Soft-deletes a custom template (does not affect edges already provisioned from it)
What Templates Configure
A template covers the following sections:
| Section | What It Sets |
|---|---|
| Physical Interfaces | Port type, MTU, enabled/disabled per hardware port |
| Logical Interfaces | WAN/LAN roles, IP addressing, VLAN, DHCP client, MSS clamping |
| Static Routes | Destination, next hop, interface, metric |
| SNAT Rules | Source NAT / masquerading for outbound traffic |
| DNAT Rules | Port forwarding — public IP:port to private IP:port |
| IoT Gateway (wg0) | WireGuard IoT tunnel — listen port, server address, MTU |
| App VPN (wg1) | WireGuard or IKEv2 App VPN — protocol, listen port, DNS, MTU |
| SSH Remote Access | Reverse SSH tunnel for remote management |
| IPFIX / Flowprobe | Flow export to collector — timers, record layers |
| BGP | Autonomous System Number and Router ID |
| DHCP Pools | IP address pools for LAN DHCP serving |
Some features are configured per-edge after provisioning rather than in templates:
- Suricata IDS/IPS and Service Chaining
- Access Control Lists (ACLs)
- QoS and Traffic Policers
- E2E Peering Tunnels
- WireGuard / App VPN Peers
Next Steps
- Creating a Config Template — Walkthrough of every section in the template editor
- Applying a Template — What happens when you apply a template to an edge