Skip to content

Policy Group Templates

Due to the numerous configuration items and complex nature of policy groups, the system provides a policy group template function to simplify the process of creating policy groups on the tenant side. Policy group templates are uniformly maintained by system administrators, aiming to provide tenant administrators with a set of reusable policy blueprints that can serve as a reference.

When creating a policy group in a specific tenant context, tenant administrators can directly copy a template from the policy group templates and make minor modifications according to actual business requirements to complete the configuration. This "copying homework" mechanism greatly improves the efficiency of policy deployment.

1. Template List and Management

Access "Resources -> Policy Group Templates" in the system console to view all policy templates currently in the system. In newly deployed environments, the system has a built-in "System Default Policy Group" template:

Policy Group Template List

System administrators can perform the following operations:

  • Edit Template: Adjust the default values of various policies to better align with common security baselines.
  • Create New Template: Create multiple differentiated templates for different industries or typical scenarios (e.g., high-security R&D, general administrative office), saving tenant administrators from repetitive configuration.

Edit Policy Group Template

2. Key Differences

Although policy group templates contain most policy configuration items, there are the following special considerations in their design:

  • Missing Items: Client IP address blacklists and whitelists are not supported in policy group templates.
  • Reasoning: Since the network environments, subnet divisions, and client IP ranges of different tenants vary, system administrators cannot predict the specific address distribution of tenants at the system level. Therefore, this highly individualized configuration item is excluded from templates and must be manually defined by tenant administrators when creating actual policy groups.

O&M Recommendation: It is recommended that system administrators maintain at least two sets of templates—one "fully open" for rapid business testing, and one "standard control" for formal office use—to reduce the configuration difficulty for tenant administrators.