Trigger templates let you define a reusable set of trigger conditions once and apply them across multiple dynamic policies. Instead of re-entering the same conditions for each policy, create a template and reference it whenever you configure trigger conditions in a dynamic policy.
How trigger templates work
Secure Access Service Edge (SASE) monitors devices in real time through its dynamic decision-making feature. When a device satisfies a dynamic policy's trigger conditions, the system automatically adjusts security measures for that device. Trigger templates simplify policy setup by centralizing condition definitions that multiple policies can share.
Create a trigger template
Log on to the SASE console.
In the left-side navigation pane, choose Dynamic Decision-making > Trigger Templates.
On the Trigger Templates tab, click Create Template.
In the Create Template panel, configure the following parameters.
Parameter Description Template name Enter a name for the template. The name must be 2–32 characters and can contain letters, digits, hyphens (-), and underscores (_). Trigger settings Configure one or more trigger conditions and specify a logical operator. For details on available conditions and operators, see Trigger settings parameters. 
Click OK.
Manage trigger templates
After creating a trigger template, you can perform the following operations on the Trigger Templates tab.
| Operation | Steps |
|---|---|
| Filter | Search for a template by Template Name. |
| Edit | Find the template, then click Details in the Actions column. Modify the configurations in the Details panel. |
| Delete | Find the template, then click Delete in the Actions column. |
Configure baseline elements
SASE provides four built-in baseline elements for compliance-related trigger conditions. Configuring a baseline element defines what counts as a violation — when a device meets the configured condition, the dynamic policy treats it as non-compliant and handles it accordingly.
The following table describes each baseline element, the condition that triggers a violation, and the supported operating systems.
| Baseline element | Violation condition | Windows | macOS |
|---|---|---|---|
| High-risk port enabled | A port in the configured set of prohibited port numbers is open on the device. | Yes | Yes |
| High-risk software used | Software listed as prohibited (from built-in options or custom additions) is detected on the device. For details on adding software to the list, see Software blocklist. | Yes | Yes |
| Antivirus software disabled | Select one or more from the built-in antivirus software options to define which antivirus software is checked. You cannot add custom antivirus software options. | Yes | Yes |
| Windows automatic updates not enabled | Windows automatic updates are disabled on the device. Retain the default configuration to enable this check. | Yes | — |
To configure a baseline element:
Log on to the SASE console.
In the left-side navigation pane, choose Dynamic Decision-making > Trigger Templates.
Click the Baseline Element tab.
In the upper-left corner, click the Windows drop-down list and select the operating system you want to configure baseline elements for.
Find the baseline element you want to configure, then click Configure in the Actions column.
In the Configure panel, set the parameters according to the table above, then save your changes.
What's next
After configuring your trigger template and baseline elements, reference the template when setting up trigger conditions in a dynamic policy. For details, see Trigger settings parameters.