Templates
Overview
Templates act as blueprints for defining Zero Trust policies. They consist of a set of security rules that specify which types of network traffic are allowed or denied. These templates are attached to Segments—which are logical groupings of assets—so that the rules are uniformly applied to all assets within a segment.
Templates are reusable and can be assigned to multiple segments, enhancing the flexibility and scalability of the platform.
Once a template is applied to a segment, the defined rules are pushed to the host firewall on each asset. The firewall then enforces these rules, allowing or blocking traffic based on the template’s configuration.
Action of the template
Each Template enforces a single action, either Allow or Deny, which applies uniformly to all rules defined within that template. This means that every rule in the template will either permit or block traffic, depending on the selected action. This design simplifies policy enforcement and ensures consistent behavior across all associated rules.
Rules
A template allows rules to be specified in three different categories:
- Port Rules
- Inbound Path Rules
- Outbound Path Rules
Port Rules
Port rules define the action to be taken on listening ports (ports where processes are actively waiting for inbound communication).
Each rule allows the user to specify:
- A port or range of ports
- Protocol: TCP, UDP, etc.
Inbound Path
Inbound Path rules control which systems are allowed to send traffic into your asset. Each rule includes the following criteria:
- Port: The destination port on your asset that will accept the connection
- Protocol: The type of communication protocol to match, such as TCP, UDP
- Process Path: The process file path of the executable software that will accept the connection
- Source: The source of the traffic, such as an Asset, Named Network, Segment, etc.
Outbound Path
Outbound Path rules control which systems are allowed to send traffic out of your asset. Each rule includes the following criteria:
- Port: The destination port that the outbound connection targets
- Protocol: The type of communication protocol to match, such as TCP, UDP
- Process Path: The process file path of the executable software that will initiate the connection
- Destination: The destination of the traffic, such as an Asset, Named Network, Segment, etc.
Template Levels for Breach Response
In addition to everyday enforcement, templates are also critical tools during a security incident. Templates are used to enable dynamic breach containment that is part of the “Contain and Withstand” workflow.
When a threat is detected, operators can quickly apply a specific Template Level to an asset or segment to restrict its communication. This reduces the blast radius and prevents lateral movement. Xshield provides three configurable breach response levels (Red, Orange and Yellow) plus one Default level. A template can be assigned one or more levels at which it is enforced.
Template Levels are used to enforce different levels of isolation, for example:
- Default: Allow the pre-configured inbound/outbound communication required for business as usual operations.
- Yellow: Allow limited inbound/outbound communication required for monitoring behavior, but no production access.
- Orange: Completely isolate the asset from the network, except for emergency or investigation traffic.
- Red: Fully cut off all communication — even internal — except for specific inspection tools.
Each of these levels is powered by a corresponding template that contains predefined deny or allow rules.
This approach allows for rapid response without manual firewall reconfiguration, ensuring that security operations teams can act quickly and confidently during incidents.
For more information, refer to Quarantine, Isolation Levels, and Zones.
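The following is an added illustrative model of the concepts described in the Rules and Template Levels sections above. It is not ColorTokens' or Xshield's own code or API: the class names, the sample segment, template and asset names, and the evaluation semantics (deny by default, and a matching Deny template overriding a matching Allow template) are assumptions made for the example. It shows how a single-action template with port and path rules, attached to a segment, yields a decision for a connection, and how assigning levels to templates changes which rules are active when a breach-response level is applied.

```python
from dataclasses import dataclass
from enum import Enum


class Action(Enum):
    ALLOW = "allow"
    DENY = "deny"


class Level(Enum):
    DEFAULT = "default"
    YELLOW = "yellow"
    ORANGE = "orange"
    RED = "red"


@dataclass(frozen=True)
class Connection:
    asset: str          # asset on which the connection is evaluated
    direction: str      # "inbound" or "outbound"
    port: int           # destination port
    protocol: str       # "tcp" or "udp"
    process_path: str   # local process accepting or initiating the connection
    peer: str           # source (inbound) or destination (outbound) label


@dataclass(frozen=True)
class PortRule:
    """Port rule: matches a listening port (inbound only), optionally a range."""
    port_from: int
    port_to: int
    protocol: str

    def matches(self, c: Connection) -> bool:
        return (c.direction == "inbound" and c.protocol == self.protocol
                and self.port_from <= c.port <= self.port_to)


@dataclass(frozen=True)
class PathRule:
    """Inbound or outbound path rule: port, protocol, process path and peer."""
    direction: str
    port: int
    protocol: str
    process_path: str
    peer: str

    def matches(self, c: Connection) -> bool:
        return (c.direction == self.direction and c.port == self.port
                and c.protocol == self.protocol
                and c.process_path == self.process_path
                and c.peer == self.peer)


@dataclass(frozen=True)
class Template:
    name: str
    action: Action      # one action shared by every rule in the template
    rules: tuple
    levels: frozenset   # breach-response levels at which the template is enforced


@dataclass(frozen=True)
class Segment:
    name: str
    assets: frozenset
    templates: tuple


def evaluate(conn: Connection, segments, level: Level = Level.DEFAULT) -> Action:
    """Decide whether `conn` is permitted on its asset at the given level.
    Assumed semantics (not stated on the page): deny by default, and a
    matching Deny template wins over any matching Allow template."""
    allowed = False
    for seg in segments:
        if conn.asset not in seg.assets:
            continue
        for tpl in seg.templates:
            if level not in tpl.levels:      # template not active at this level
                continue
            if any(rule.matches(conn) for rule in tpl.rules):
                if tpl.action is Action.DENY:
                    return Action.DENY
                allowed = True
    return Action.ALLOW if allowed else Action.DENY


# Constructed sample policy; names and paths are illustrative, not product defaults.
ALL_LEVELS = frozenset(Level)
WEB_INBOUND = Template("web-inbound", Action.ALLOW, (PortRule(443, 443, "tcp"),),
                       frozenset({Level.DEFAULT, Level.YELLOW}))
DB_OUTBOUND = Template("db-outbound", Action.ALLOW,
                       (PathRule("outbound", 3306, "tcp", "/usr/sbin/httpd", "db-segment"),),
                       frozenset({Level.DEFAULT}))
BLOCK_SMB = Template("block-smb", Action.DENY, (PortRule(445, 445, "tcp"),), ALL_LEVELS)
WEB_TIER = Segment("web-tier", frozenset({"web-01", "web-02"}),
                   (WEB_INBOUND, DB_OUTBOUND, BLOCK_SMB))
SEGMENTS = (WEB_TIER,)


def decide(direction, port, proto, proc, peer, level=Level.DEFAULT, asset="web-01"):
    """Evaluate one connection against the sample policy."""
    return evaluate(Connection(asset, direction, port, proto, proc, peer), SEGMENTS, level)


if __name__ == "__main__":
    for lvl in Level:
        print(lvl.value,
              "https-in:", decide("inbound", 443, "tcp", "/usr/sbin/httpd", "corp-lan", lvl).value,
              "db-out:", decide("outbound", 3306, "tcp", "/usr/sbin/httpd", "db-segment", lvl).value)
```

Running the block prints one line per level. At Default both the inbound HTTPS port and the outbound database path are allowed; at Yellow only the inbound port remains allowed because the outbound path template is not assigned that level; at Orange and Red no Allow template is active, so every connection falls through to the default deny. The SMB deny template is assigned all levels and therefore blocks port 445 regardless of the level in effect.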
Pre-Defined Templates
ColorTokens Xshield provides a set of predefined templates to simplify policy creation and enforcement. These templates are designed to support communication for widely used enterprise services such as Active Directory, MySQL, SCCM, and others.
In addition to enabling essential services, the platform also includes templates specifically created to block traffic on known vulnerable or malicious ports, enhancing the security posture of the environment.
All predefined templates are readily available within the Templates section of the platform and can be applied directly to segments as needed.
Summary
A Template is just a definition and must be attached to a segment in order for it to be applied to the assets. Templates serve as reusable blueprints that define uniform security rules—either to allow or deny traffic across grouped assets called segments. They support port, inbound path and outbound path rules, and can be applied dynamically for incident containment or through predefined configurations for common enterprise services.