Production-ready templates for network pros

Skip the blank page. Deploy in minutes.

42 hardened templates — plus 35 Claude Code skills. Network configs (incl. pfSense, Check Point, Meraki), AWS + Azure + GCP landing zones, SOC 2 + PCI-DSS v4 + NIS 2 + ISO 27001 compliance packs, SD-WAN topology, K8s NetworkPolicy, TLS lifecycle. Ready for your environment.

Browse Catalog Try the explorer

Free to download. No signup. MIT licensed.

42
Products
25,000+
Lines
8
Vendor Stacks
5
Categories
100%
Customisable
About

VantagePoint Networks

A one-engineer shop. Templates built and maintained by Hak - Senior Engineer and Author - using the same material in production networks every day.

Everything on this site is original, MIT-licensed, and free to download. No signup, no paywall, no lead capture. If a template helps you ship faster or sleep better on-call, that's the whole point.

vpnetworks.co.uk
Start here

Three interactive ways to explore

Before scrolling through 26 product cards, try one of these browser-based tools. No install, no signup - just click and explore.

3 tools
Visual Map

Product Ecosystem

A radial overview of all 5 product lines. Click any node to jump straight to that category in the catalogue.

Open ecosystem
Interactive

Config Explorer

Filter 10 configs by vendor. The reference topology highlights matching devices. Preview the file in place before downloading.

Open explorer
Dashboard

Workflow System

See how the products are built: six AI agents, a five-phase pipeline, live sprint board and the protocol feed that coordinates them.

Open dashboard
01 / 05

Network Configurations

CIS-hardened, annotated baselines across eight vendor stacks (enterprise + SMB + open source). Variable placeholders throughout so you can customise and deploy in one pass.

13 products
Cisco IOS-XE

Catalyst 9500 L3 Core Switch

AAA, SSH hardening, VLANs, SVIs, OSPF, STP, DHCP snooping, DAI, CoPP, port-channels. Hardened baseline for campus core.

371 lines CIS L1 Production
View
Cisco IOS-XE

ISR 4431 WAN Edge Router

BGP dual-ISP, OSPF, bogon filters, CoPP, IP SLA tracking, IKEv2 VPN template. WAN edge baseline for multi-site.

383 lines CIS L1 BGP + OSPF
View
Cisco ASA

ASA 5525-X Firewall

AnyConnect SSL VPN, IKEv2 site-to-site, active/standby failover, threat detection, modular QoS inspection.

580 lines HA Ready VPN
View
Cisco IOS-XE WLC

Catalyst 9800 Wireless Controller

Four WLANs (Corp / Voice / IoT / Guest), FlexConnect, QoS policies, RRM, rogue AP detection, mDNS gateway.

594 lines 4 WLANs RADIUS
View
Cisco NX-OS

Nexus 9300 DC Spine Switch

BGP EVPN fabric, VXLAN VTEP, VPC peer-link, OSPF underlay, CoPP. Data-centre spine baseline for spine-leaf.

545 lines EVPN VXLAN
View
FortiOS 7.4

FortiGate 100F Zone-Based Firewall

Trust / Untrust / DMZ / Mgmt zones, AV / IPS / WF / AppCtrl profiles, HA pair config, SNAT, logging.

547 lines Zone-Based HA
View
Junos 23.x

Juniper EX4400 Distribution

Modern SSH ciphers, VLANs with IRB, LACP to core, OSPF with BFD, 802.1X, firewall filter on loopback.

604 lines OSPF + BFD 802.1X
View
AOS-CX 10.12

Aruba CX 6300 Access Layer

802.1X / MAC-auth, RADIUS, port templates (user / printer / IoT / AP), storm control, DHCP snooping, sFlow.

491 lines 802.1X RADIUS
View
PAN-OS 11.1

Palo Alto PA-5220 NGFW

Zero Trust zones, AV / AS / VP / URL / FB / WildFire profiles, DNS sinkhole, HA template, App-ID policies.

1,025 lines Zero Trust CIS L2
View
RouterOS 7

MikroTik Router Baseline

VLAN filtering bridge, firewall with DDoS protection, DHCP, queue simple, SNMP. Affordable SMB baseline.

504 lines VLAN DDoS
View
pfSense / OPNsense

pfSense Hardened Baseline

Production-grade pfSense / OPNsense config with segmented LAN / DMZ / GUEST, deny-by-default firewall, DNSSEC-validating Unbound, SNMPv3, central syslog. Open source community gold standard.

XML import DNSSEC + Unbound IDS-ready
View
Check Point R81

Check Point R81 Baseline

Enterprise Gaia OS hardening, ClusterXL HA, policy-package structure, Threat Prevention profile, HTTPS Inspection, Identity Awareness, log exporter. R81.20 / R82 tested.

CLISH + SmartConsole ClusterXL HA TP Strict profile
View
Cisco Meraki

Meraki MX + MS Cloud-Managed Baseline

Multi-site Meraki org: MX security appliance + MS switch + MR wireless. Dashboard config checklist, API-driven provisioning, AutoVPN, threat protection, AnyConnect client VPN. Retail / SMB sweet spot.

API + Dashboard AutoVPN Templates + tags
View
02 / 05

Topology Diagrams

Professional templates for draw.io (free) with VLAN tables, IP assignments, power budgets, vendor stencils and full SD-WAN reference wired up.

4 products
draw.io Template

3-Tier Campus Network Topology

WAN cloud, dual FW HA, vPC core, 3 distribution, 9 access switches across 3 buildings, with VLAN assignment and IP tables.

307 lines 3 Buildings VLAN Map
View
draw.io Template

42U Rack Elevation Diagram

Full MDF rack layout with power budget table, port allocation summary, and cable management notes.

183 lines 42U Power Budget
View
draw.io Template

WAN / MPLS Multi-Site Topology

HQ + 3 branches + data centre + remote workers (SSL VPN). Site summary table with subnets, bandwidth, BGP ASNs.

244 lines 5 Sites BGP
View
draw.io Template

SD-WAN Multi-Site Reference Topology

Hub-spoke SD-WAN with dual internet + MPLS underlay, IPsec overlay tunnels, cloud-hosted orchestrator, SaaS direct break-out per branch. Vendor-agnostic (applies to Fortinet, Meraki, Viptela).

2 hubs + 3 branches Per-app steering Vendor-agnostic
View
03 / 05

Operations, Cloud & Compliance Runbooks

Battle-tested procedures for incidents, change, security, cloud landing zones, and audit-ready compliance packs (SOC 2, PCI-DSS v4, NIS 2, ISO 27001, Cyber Essentials+). NIST 800-61, ITIL v4, CIS v8, AICPA TSC aligned.

18 products
NIST SP 800-61

Incident Response Runbook

Six-phase lifecycle, P1-P4 severity matrix, 5 playbooks (DDoS / ransomware / breach / outage), chain-of-custody form.

929 lines 5 Playbooks Forensics
View
ITIL v4

Change Management Runbook

Standard / Normal / Emergency flows, CAB agenda, 5x5 risk matrix, rollback playbook, KPI reporting templates.

725 lines CAB Risk Matrix
View
MITRE ATT&CK

SOC Playbook Bundle

Eight alert playbooks - brute force, malware, phishing, C2, privilege escalation, exfiltration, DHCP spoofing, VPN anomaly.

1,106 lines 8 Playbooks SIEM
View
Business Continuity

Disaster Recovery Runbook

BIA template, 5 scenario playbooks (data centre / cyber / network / cloud / building), DR test types, failback procedures.

694 lines 5 Scenarios RTO/RPO
View
CIS Controls v8

Network Security Audit Checklist

120+ controls across 12 domains, mapped to CIS Controls v8 and NIST CSF. Finding summary and sign-off ready.

268 lines 120+ Items NIST CSF
View
HR / Operations

New Hire Onboarding Checklist

Pre-arrival through 90-day review. Access matrix, training resources, contact table, equipment checklist.

439 lines 5 Phases 90-Day
View
Cloud Architecture

AWS Landing Zone Reference

Multi-account org, IAM Identity Center, Transit Gateway hub, centralised egress, GuardDuty + Config + Security Hub, SCP guardrails, 12-week implementation order.

213 lines 14 Sections SCP Pack
View
Cloud Architecture

Azure Landing Zone Reference

Microsoft CAF Enterprise-scale done practically: management group hierarchy, Entra ID baseline, hub-and-spoke + Azure Firewall, Defender + Sentinel, Azure Policy initiative pack.

256 lines 15 Sections CAF-aligned
View
Cyber Essentials Plus

Cyber Essentials Plus Readiness Pack

UK NCSC scheme: 5 control areas, evidence to collect per area, common audit findings, pre-assessment dry run, annual cycle. Built for first-time and renewal.

237 lines 5 Control Areas UK / NCSC
View
ISO/IEC 27001:2022

ISO 27001 Annex A Evidence Pack

All 93 controls grouped by 4 themes (Organisational, People, Physical, Technological). Evidence to collect per control, common findings, SoA starter, 12-week pre-audit timeline.

203 lines 93 Controls SoA-ready
View
Detection-as-code

Sentinel KQL Detection Pack

20 production-ready Sentinel detections - identity, endpoint, cloud, email, network, persistence. Each with KQL, MITRE ATT&CK mapping, FP triage, response actions.

480 lines 20 Detections MITRE-mapped
View
M365 / Entra ID

M365 + Entra ID Hardening Baseline

Practical hardening for Microsoft 365 + Entra ID. Break-glass, PIM, 10 Conditional Access policies, Defender preset, mailbox + DLP, Secure Score trajectory, 12-week rollout.

253 lines 10 CA Policies CIS-aligned
View
AICPA TSC

SOC 2 Type II Evidence Pack

Working evidence index for SOC 2 Type II across the five Trust Services Criteria. Control-by-control checklist, 12-month cadence calendar, and the common findings to pre-empt before fieldwork.

Control matrix CC1-CC9 + A1/C1/PI1/P Audit-ready
View
PCI-DSS v4.0

PCI-DSS v4.0 Readiness Pack

All 12 requirements plus the future-dated controls mandatory from 2025-03-31. Scoping worksheet, CDE definition, evidence index, and 15-question fast-track gap assessment.

12 Requirements v4.0 + v4.0.1 QSA-tested
View
EU Directive 2022/2555

NIS 2 Directive Readiness Pack

NIS 2 scoping (essential vs important), the 10 Article 21 risk-management measures, Article 23 incident-reporting clocks (24h / 72h / 1-month), and a 72-hour crisis playbook.

10 measures 24h / 72h / 1m clocks Post-2024-10-18
View
GCP CFT

GCP Landing Zone Reference

Enterprise-scale GCP foundation: resource hierarchy, Shared VPC, HA VPN, org policies, aggregated logging, VPC-SC, Workload Identity Federation. Rollout order that has survived audit.

Shared VPC + VPC-SC Terraform-ready CIS GCP aligned
View
Kubernetes

Kubernetes NetworkPolicy Baseline Pack

Default-deny patterns, namespace isolation, tier-based flows, egress to managed services, CNI-specific notes for Calico, Cilium and AWS VPC CNI. Ready-to-apply YAML, rollout strategy, gotchas.

YAML examples Calico / Cilium / AWS CIS K8s aligned
View
PKI / TLS

Certificate & TLS Lifecycle Runbook

Inventory, issuance, renewal, rotation, revocation, monitoring, and the emergency replacement runbook when a cert dies in production at 1am Saturday. Ownership + automation front and centre.

Full lifecycle ACME + Private CA Emergency playbook
View
04 / 05

Study Guides & Cheat Sheets

Exam-focused references for network and security certifications. Worked examples, visual tables, and acronym glossaries.

4 products
CCNA 200-301

CCNA Subnetting Cheat Sheet

CIDR table /0-/32, magic-number method with 5 worked examples including VLSM. Port numbers, protocol distances, STP states.

627 lines VLSM Exam Ready
View
CompTIA N10-009

CompTIA Network+ Cheat Sheet

OSI / TCP-IP, Ethernet and wireless standards, cable reference, 40 common ports, routing, switching, troubleshooting, 60 acronyms.

447 lines 22 Sections N10-009
View
CompTIA SY0-701

CompTIA Security+ Cheat Sheet

Threat actors, attack types, malware families, crypto, IAM, wireless, cloud, IR, GRC. Security-relevant ports and 80 acronyms.

492 lines 14 Sections SY0-701
View
Cisco ENCOR 350-401

CCNP ENCOR Cheat Sheet

OSPF / EIGRP / BGP deep dive, STP, EtherChannel, FHRP, wireless, VXLAN, LISP, automation (NETCONF, YANG), QoS.

602 lines 14 Sections 350-401
View
05 / 05

Planning Spreadsheets

IP address management, VLAN planning, circuit tracking, equipment inventory. Import into Excel or Google Sheets and customise.

3 products
Excel / Sheets

IP & VLAN Planning Spreadsheet

VLAN table, device IPs, subnet calculator, point-to-point links, trunk matrix, SSID-to-VLAN mapping, DNS records.

109 lines 7 Tabs IPAM
View
Excel / Sheets

WAN Circuit & SLA Tracker

12 circuits across 5 sites, 3 months of SLA data, renewal calendar, incident-cause breakdown, cost summary by provider.

73 lines SLA Tracker Renewals
View
Excel / Sheets

Network Equipment Inventory

28 devices with serials, firmware matrix with CVE counts, lifecycle summary, 16 access points with MAC and channel data.

88 lines CVE Matrix AP Inventory
View