Segmentation Templates Installation and Upload
Install a Segmentation Template
Retrieve the Segmentation Template Catalog.
When a template has not been installed, an Install button appears on the page.
Click Install.
The End User License Agreement (EULA) appears.
Accept the EULA and click Continue.
Before the PCE installs the template, it checks that the policy objects required by the template don’t conflict with any existing policy objects in your organization. The time it takes to process the check depends on the number of policy objects in your organization. When the PCE detects any conflicts during the check, it cancels the installation and does not install any policy objects. You are prompted to rename the conflicting objects.
When the check is successful, the PCE adds the included policy objects to Draft mode, allowing you to review and edit them before provisioning.
As the policy objects are added, links to the objects appear in the template details page.
Note
Global policy objects—such as All Services and Any (0.0.0.0/0 and ::/0)—don’t include links to the objects in the Segmentation Template details page.
Upload a Segmentation Template
When you download a Segmentation Template from the Illumio Support portal, you save the template locally as a JSON file.
Log in to the Illumio Support portal with your Illumio Support username and password.
Click Tools > Illumio Segmentation Templates.
On the "Illumio Segmentation Templates" page, click the DOWNLOAD button.
Accept the EULA license agreement and click Continue.
Name the template and define where to download it on your system.
Click Save.
Update a Segmentation Template
Updating a Segmentation Template to a later version allows you to edit or add services, rule sets, labels, label groups, or IP lists. However, updating a template does not remove policy objects added by a previous version.
Note
Later versions of templates are fully backwards-compatible with previous versions.
Retrieve the Segmentation Template Catalog.
When a new version of a Segmentation Template is available for a template that you have installed, the template displays an "Update " button.
Click Update.
If you edit the Segmentation Template after installing it, a dialog box appears prompting you to specify how to install the new version. For example, you added a new port and protocol to a service that the template created. You can revert the template to the Illumio list of ports and protocols for that service or keep your changes.
If necessary, choose how to handle template changes:
Overwrite: The PCE replaces the policy objects that you edited with the version in the new template and removes the word “edited” after the ID number in the External Data Reference field.
Preserve Changes: Your changes to the policy objects added by the template are kept.
Note
If you have edited multiple policy objects associated with a template, you must choose whether to overwrite or preserve all your changes. You cannot overwrite some and preserve some.
The PCE updates the version numbers of all policy objects associated with the template, even when the new template changes only a subset of the objects.
Note
Segmentation Templates can share policy objects; therefore, a policy object can have a later version than its associated template, because another template updated the object. For example, you can have version 1 of a template installed, and it includes version 2 of some policy objects.
Uninstall a Segmentation Template
Retrieve the Segmentation Template Catalog.
After you install a Segmentation template, an Uninstall button appears on the page.
Click Uninstall.
When you uninstall a Segmentation Template, the PCE removes all the policy objects that are associated with that template, except when an object is in use. Policy objects that are shared with other installed templates are not removed. Policy objects that are added to other policy objects are not removed. For example, you added a service associated with a template to a ruleset.