I think I am hitting a limitation on the template-stacks, but maybe there is a nice workaround that you guys can help me with...
Contrary to Device groups, which have "shared" objects, templates use stacks which is a little different.
The limitation to this seems to be that you can not reference a template value between different templates...
Simple example to explain what I mean:
=> if you commit; the device will receive its unique network interfaces + the shared admin user = this works and looks like template-stacking is the solution to all the "duplicate" objects between FW-templates
If we want to do something a bit more advanced (the following is just an example)
=> HERE IS THE ISSUE: you can not select the ldap-auth-profile, because the auth-profile was created in another template (the "shared-template")
So you have to be sure that all the components that will ever use a template object will have to be configred within the same template. This limitation becomes difficult fast, because a lot of the template objects are linked ex: ldap profile -> auth-profile => admin users, but also: group-mapping, globalprotect config, etc... and a lot of these things will have different config on the devices.
Anybody had similar experiences? How did you work around them?