Accounts & Organizations
Authentication, org management, roles, and invitations.
Getting Started
This section walks you through NetDefense’s core concepts in a progressive order. Each page explains what a feature does, why it matters, and shows practical examples using both NDCLI and NDWeb.
Concept Hierarchy
NetDefense organizes firewall management in layers. Understanding this hierarchy makes everything else click:
Organization├── Accounts & Roles (who can do what)├── Devices (managed firewalls)├── Organizational Units (device groups)│ └── Templates (policy sets assigned to OUs)│ └── Snippets (individual config pieces)├── Variables (parameterize snippets per scope)├── VPN Networks (WireGuard overlays)└── Backups (encrypted device config backups)Changes flow downward: editing a snippet updates every template that includes it, which updates every OU that uses that template, which updates every device in that OU.
Topics
Devices
Device lifecycle, key fields, and approval workflow.
Organizational Units
Logical device groupings that share the same policy.
Snippets
The smallest unit of configuration — rules, aliases, DNS, and more.
Templates
Reusable policy sets that group snippets together.
Policy Chain
How the final device configuration is assembled from templates.
Sync & Delivery
How configuration changes propagate to devices.
Backups
Encrypted device backups to S3-compatible storage.
VPN Networks
WireGuard-based overlays with hub, spoke, and mesh topologies.
Variables
Parameterize snippets with scope-based variable resolution.
Remote Access
Secure terminal and web admin access through NDPathFinder.
Automation
JSON output and scripting with jq for CI/CD workflows.
Prerequisites
Before diving in, make sure you have:
- A NetDefense account — join the waitlist if you don’t have one yet
- NDCLI installed and configured
- NDAgent installed on at least one OPNsense device