Hello Eric, You are right. If you push a network template without checking 'Forced Template Values'', panorama will merge it configuration with the firewall's candidate/running configuration. If 'Forced Template Values' option is checked along with 'Merge with Device Candidate Configuration', panorama will try to override all the configuration on the firewall with the template's configuration which would be catastrophic. If your firewall contains some local configuration , it is always a good practice to NOT check that 'Forced Template Values' option while committing. Hope that helps! Regards, Kunal Adak
... View more