security-profile
语法
security-profile {
profile name {
address-book (System) {
maximum maximum;
reserved reserved;
}
advanced-anti-malware-policy {
maximum maximum;
reserved reserved;
}
auth-entry {
maximum maximum;
reserved reserved;
}
cpu {
reserved percent;
}
dslite-softwire-initiator {
maximum maximum;
reserved reserved;
}
flow-gate {
maximum maximum;
reserved reserved;
}
flow-session {
maximum maximum;
reserved reserved;
}
icap-redirect-profile {
maximum maximum;
reserved reserved;
}
idp-policy idp-policy;
logical-system (System Security Profile) logical-system;
nat-cone-binding {
maximum maximum;
reserved reserved;
}
nat-destination-pool {
maximum maximum;
reserved reserved;
}
nat-destination-rule {
maximum maximum;
reserved reserved;
}
nat-interface-port-ol (System) {
maximum maximum;
reserved reserved;
}
nat-nopat-address {
maximum maximum;
reserved reserved;
}
nat-pat-address {
maximum maximum;
reserved reserved;
}
nat-pat-portnum {
maximum maximum;
reserved reserved;
}
nat-port-ol-ipnumber {
maximum maximum;
reserved reserved;
}
nat-rule-referenced-prefix (System) {
maximum maximum;
reserved reserved;
}
nat-source-pool {
maximum maximum;
reserved reserved;
}
nat-source-rule {
maximum maximum;
reserved reserved;
}
nat-static-rule {
maximum maximum;
reserved reserved;
}
policy (System Security Profile) {
maximum maximum;
reserved reserved;
}
policy-with-count {
maximum maximum;
reserved reserved;
}
root-logical-system;
scheduler (System Security Profile) {
maximum maximum;
reserved reserved;
}
secintel-policy {
maximum maximum;
reserved reserved;
}
secure-wire {
maximum maximum;
reserved reserved;
}
security-log-stream-number {
maximum maximum;
reserved reserved;
}
tenant tenant;
user-auth-entry {
maximum maximum;
reserved reserved;
}
vrf-group {
maximum maximum;
reserved reserved;
}
zone (System Security Profile) {
maximum maximum;
reserved reserved;
}
}
resources {
cpu-control;
cpu-control-target percent;
}
}
层次结构级别
[edit system] [edit tenants <tenant-name>]
描述
创建安全配置文件并指定要分配给安全配置文件绑定到的逻辑系统的资源的种类和数量。
作为主管理员,如果要向多个逻辑系统分配相同类型和数量的资源,可以创建安全配置文件并将其绑定到多个逻辑系统。有关可以创建多少安全配置文件的详细信息,请参阅 了解逻辑系统安全配置文件(仅限主管理员)。达到限制时,必须先删除安全配置文件并提交配置,然后才能为另一个安全配置文件创建和提交配置。
只有主管理员才能创建安全配置文件。
所需权限级别
system - 在配置中查看此语句。
系统控制 - 将此语句添加到配置中。
发布信息
Junos OS 11.2 版中引入的语句。
Junos dslite-softwire-initiator OS 12.1 版中引入的选项。
security-profile在 Junos OS 18.3R1 版的层次结构下tenants添加的选项。
icap 重定向配置文件选项在 Junos OS 18.3R1 版中引入。
secure-wire Junos OS 19.3R1 版中引入的选项。