
Configuring Template Settings in a Device Template

Procedure

To configure the device template settings:

  1. Select Resources > Device Template.

    The Device Templates page appears.

  2. Select the device template for which you want to configure the settings and then select Edit Device Template > Template Settings.

    The Template Settings page appears.

  3. Complete the configuration settings according to the guidelines in Table 63.

    The configurable settings supported and default values for different device templates are as follows:

  4. Click Save.

    The changes that you made to the device template are saved and you are returned to the Device Templates page. After you modify a device template and use that device template to add a site, the modified parameters are used in the site addition workflow. The device template modifications do not take effect on existing sites.

Table 63: Fields on the Template Settings Page for All Device Templates

Field Name

Description

Applicable To (Device Templates)

SSH Settings  

Prevent root login via SSH?

Specify whether root login (to the device) by using SSH should be allowed or not.

NFX250

NFX150

SRX4100

SRX4200

Restrict SSH access to be from CSO only

Specify whether SSH access to the device should be restricted only to Contrail Service Orchestration (CSO) or not.

NFX250

NFX150

SRX4100

SRX4200

Max number of SSH connections allowed at any time

Enter the maximum number of SSH connections allowed at any time.

Range: 1 through 250.


NFX250

NFX150

SRX4100

SRX4200

Max number of SSH connections allowed per minute

Enter the maximum number of SSH connections allowed per minute.

Range: 1 through 250.

NFX250

NFX150

SRX4100

SRX4200

Max number of sessions per SSH connection

Enter the maximum number of sessions allowed per SSH connection.

Range: 1 through 250.

NFX250

NFX150

SRX4100

SRX4200

Policer Settings  

Bandwidth limit for ICMP traffic towards the device

Enter the bandwidth limit, in bits per second (bps), for Internet Control Message Protocol (ICMP) traffic towards the device.

NFX250

Burst-size limit for ICMP traffic towards the device

Enter the burst-size limit, in bytes, for ICMP traffic towards the device.

NFX250

Bandwidth limit for trace-route traffic towards the device

Enter the bandwidth limit, in bits per second (bps), for traceroute traffic towards the device.

NFX250

Burst-size limit for trace-route traffic towards the device

Enter the burst-size limit, in bytes, for traceroute traffic towards the device.

NFX250

Bandwidth limit for DHCP traffic towards the device

Enter the bandwidth limit, in bits per second (bps), for Dynamic Host Configuration Protocol (DHCP) traffic towards the device.

NFX250

Burst-size limit for DHCP traffic towards the device

Enter the burst-size limit, in bytes, for DHCP traffic towards the device.

NFX250

Bandwidth limit for DNS traffic towards the device

Enter the bandwidth limit, in bits per second (bps), for Domain Name System (DNS) traffic towards the device.

NFX250

Burst-size limit for DNS traffic towards the device

Enter the burst-size limit, in bytes, for DNS traffic towards the device.

NFX250

Log Rotation Settings  

Max size (MB) for log files

Enter the maximum size, in megabytes (MB), of the log files stored on the device.

NFX250

Max number of log files

Enter the maximum number of log files to be stored on the device at any time.

NFX250

Customer Parameters 

NFX250

S2_MODEL_HUGEPAGE_COUNT

Enter the number of 1-GB huge pages usable by the virtualized network functions (VNFs) on an NFX250-S2 device with a total memory of 32 GB.

NFX250

ADSL_VPI

Enter the Virtual Path Identifier (VPI) setting to connect to the asymmetric digital subscriber line (ADSL) service provider.

NFX250

ADSL_ENCAP

Enter the encapsulation that is used to connect to the ADSL service provider.

NFX250

VNF_OAM_TRANSLATED_PORT_START

Enter the first port number that can be used to expose (by using port translation) a VNF Operation, Administration, and Maintenance (OAM) port on the gateway router OAM interface or the WAN interface. This setting is used in cases where the VNF does not have its own OAM IP address from the in-band OAM network.

NFX250

ADSL_VCI

Enter the VCI (Virtual Channel Identifier) setting to connect to the ADSL service provider.

NFX250

AUTO_INSTALL_LICENSE_TO_DEVICE

Specify whether licenses should be automatically installed on the device during the ZTP workflow or not.

NFX250

AUTO_INSTALL_DEFAULT_TRUSTED_CERTS_TO_DEVICE

Specify whether the Junos OS default trusted certificates should be installed on the device during the ZTP workflow or not.

NFX250

USE_SINGLE_SSH_TO_NFX

Specify whether to manage the NFX250 device and its components by using a single SSH connection between CSO and the NFX250 device.

NFX250

ENC_ROOT_PASSWORD

Specify the Junos OS root password to be set on the device. The password that you type is masked and the password is encrypted and stored.

NFX250

GWR_VSRX_IMAGE_LOCAL_FILE_PATH

Enter the local path of the vSRX image file present on the NFX250 device; this image file is used when the gateway router virtual machine (VM) is created.

For example, ./var/third-party/images/*vsrx*-15.1X*.qcow2. If this parameter is not set or if the file is not present on the NFX250 device, then a vSRX image with the filename specified in GWR_VSRX_IMAGE_CNAME_IN_CSO is downloaded from the CSO file server to the NFX250 device.

NFX250

GWR_VSRX_IMAGE_CNAME_IN_CSO

Enter the name with which the vSRX image was uploaded into the Image Management Service in CSO. If the vSRX image file specified in GWR_VSRX_IMAGE_LOCAL_FILE_PATH is not present, then an image with the name specified is downloaded to the NFX250 device.

NFX250

ACTIVATION_CODE_ENABLED

Specify whether an activation code must be specified to activate the device or not.

NFX250

INTERNAL_OAM_SUBNET

Enter the IP address for the subnet that is used for internal OAM connectivity between various components of the NFX250 device.

NFX250

AUTO_DEPLOY_STAGE2_CONFIG

Specify whether the stage-2 configuration should be automatically deployed on the device during the ZTP workflow.

NFX250

OOB_MGMT_ENABLED

Specify whether the out-of-band (OOB) management port of the device is being used for management connectivity or not.

If you enable this field, a default route must be available through the OOB interface. If you disable this field, there is no connectivity through the OOB management port of the device and the stage-1 configuration that is generated includes a static default route.

NFX250

S1_MODEL_HUGEPAGE_COUNT

Enter the number of 1-GB huge pages usable by the VNFs on an NFX250-S1 device with a total memory of 16 GB.

NFX250

CONTROL_LINK_PORT_NAME

Enter the physical port name for the control link connection for a dual CPE setup.

NFX250

FAB_LINK_PORT_NAME

Enter the physical port name for fabric link connection for a dual CPE setup.

NFX250

MAX_DVPN_TUNNELS_ON_SITE

Enter the maximum number of Dynamic Virtual Private Network (DVPN) tunnels that can be created at the tenant site.

NFX150

NFX250

SRX Series

MIN_DVPN_TUNNELS_TO_START_DEACTIVATE

Enter the minimum number of DVPN tunnels at the tenant site after which the DVPN tunnels are dynamically deleted.

NFX150

NFX250

SRX Series

WAN_PORT_NAMES

Specify the mapping of the physical port names used for WAN-side connectivity.

NFX250

LAN_PORT_NAMES

Specify the mapping of the physical port names used for LAN-side connectivity.

NFX250

LAN_MEMBER_PORT_NAMES

Specify the physical ports on the dual CPE device that are used on the link aggregation group (LAG) interface connecting to the LAN-side switch.

NFX250

GWR_CPU_PIN

Specify the physical CPUs to which the vCPUs of the vSRX (gateway router) should be pinned.

Warning: We recommend that you do not modify the preconfigured CPU pinning values because these values are set based on Juniper's performance tests.

NFX250

AUX_Subnets

Specify the IP subnets assigned to the three auxiliary ports on the gateway router to which VNFs can be attached.

NFX250

LAN_Subnets

Specify the IP subnets assigned to the two LAN ports on the gateway router to which VNFs can be attached.

NFX250

Login Security Settings  

Login idle timeout (minutes)

Enter the time (in minutes) after which a session that is idle is timed out.

NFX250

Login attempts before locking out

Enter the maximum number of unsuccessful login attempts allowed before the user account is locked.

Range: 3 through 10.

NFX250

Login lockout period in minutes

Enter the period (in minutes) for which the user account should be locked.

Range: 1 through 43,200 minutes

NFX250

Login backoff factor in seconds

Specify the delay (in seconds) after each failed login attempt, which increases for each subsequent login attempt after the specified login backoff threshold.

Range: 5 through 10.

NFX250

Login backoff threshold

Specify the threshold for the number of failed login attempts after which each subsequent login attempt is delayed by the time specified in the login backoff factor.

Range: 1 through 3

NFX250

Maximum time to enter password in seconds

Enter the maximum time allowed (in seconds) to enter a password to log in to the device after entering your username.

Range: 20 through 300 seconds.

NFX250

Maintenance user account

Enter the username of the user account to be used for maintenance activities (for example, troubleshooting) on the device.

NFX250

Login Announcement

Specify the system login announcement, which is displayed after a user successfully logs in to the device.

NFX250

Login Message

Specify the system login message, which is displayed before a user logs in to the device.

NFX250

Table 64: Configurable Settings Supported (and Their Defaults) on MX Series Device Template

Field Name

MX as SD-WAN Hub

AUTO_DEPLOY_STAGE2_CONFIG

Disabled

ZTP_ENABLED

Disabled

ACTIVATION_CODE_ENABLED

Disabled

OOB_OAM_Port

fxp0

AUTO_INSTALL_LICENSE_TO_DEVICE

Disabled

WAN Port Names

WAN_0 ge-0/0/0

WAN_1 ge-0/0/1

WAN_2 ge-0/0/2

WAN_3 ge-0/0/3

Table 65: Configurable Settings Supported (and Their Defaults) on NFX250 Device Templates

Field Name

NFX250 as Hybrid WAN CPE

NFX250 as Managed Internet CPE

NFX250 as Secure Internet CPE

NFX250 as SD-WAN CPE

Dual NFX250 as SD-WAN CPEs

SSH Settings     

Prevent root login via SSH?

Disabled

Disabled

Restrict SSH access to be from CSO only

Disabled

Disabled

Max number of SSH connections allowed at any time

50

50

Max number of SSH connections allowed per minute

50

50

Max number of sessions per SSH connection

50

50

Policer Settings     

Bandwidth limit for ICMP traffic towards the device

1m

1m

Burst-size limit for ICMP traffic towards the device

2k

2k

Bandwidth limit for trace-route traffic towards the device

1m

1m

Burst-size limit for trace-route traffic towards the device

15k

15k

Bandwidth limit for DHCP traffic towards the device

1m

1m

Burst-size limit for DHCP traffic towards the device

15k

15k

Bandwidth limit for DNS traffic towards the device

1m

1m

Burst-size limit for DNS traffic towards the device

15k

15k

Log Rotation Settings     

Max size (MB) for log files

10

10

Max number of log files

10

10

Customer Parameters     

S2_MODEL_HUGEPAGE_COUNT

21

21

21

13

13

ADSL_VPI

8

8

ADSL_ENCAP

llcsnap-bridged-802.1q

llcsnap-bridged-802.1q

VNF_OAM_TRANSLATED_PORT_START

49152

49152

49152

49152

49152

ADSL_VCI

36

36

AUTO_INSTALL_LICENSE_TO_DEVICE

Disabled

Disabled

Disabled

Disabled

Disabled

AUTO_INSTALL_DEFAULT_TRUSTED_CERTS_TO_DEVICE

Enabled

Enabled

Enabled

Enabled

Enabled

USE_SINGLE_SSH_TO_NFX

Enabled

Enabled

ENC_ROOT_PASSWORD

juniper123

juniper123

juniper123

juniper123

juniper123

GWR_VSRX_IMAGE_CNAME_IN_CSO

vsrx-vmdisk-15.1.qcow2

vsrx-vmdisk-15.1.qcow2

vsrx-vmdisk-15.1.qcow2

vsrx-vmdisk-15.1.qcow2

vsrx-vmdisk-15.1.qcow2

ACTIVATION_CODE_ENABLED

Enabled

Enabled

Enabled

Enabled

Enabled

GWR_VSRX_IMAGE_LOCAL_FILE_PATH

INTERNAL_OAM_SUBNET

10.10.10.0/24

10.10.10.0/24

10.10.10.0/24

10.10.10.0/24

10.10.10.0/24

AUTO_DEPLOY_STAGE2_CONFIG

Disabled

Disabled

Disabled

Disabled

Disabled

OOB_MGMT_ENABLED

Enabled

Enabled

Enabled

Enabled

Enabled

S1_MODEL_HUGEPAGE_COUNT

9

9

9

9

9

CONTROL_LINK_PORT_NAME

xe-0/0/12

FAB_LINK_PORT_NAME

xe-0/0/13

MAX_DVPN_TUNNELS_ON_SITE

nfx250_s1e: 750

nfx250_10_t: 750

nfx250_ls1_10_t: 750

nfx250_att_s1_10_t: 300

nfx250_s2_10_t: 750

nfx250_att_ls1_10_t: 300

nfx250_att_s2_10_t: 300

nfx250_s1e: 750

nfx250_10_t: 750

nfx250_ls1_10_t: 750

nfx250_att_s1_10_t: 300

nfx250_s2_10_t: 750

nfx250_att_ls1_10_t: 300

nfx250_att_s2_10_t: 300

MIN_DVPN_TUNNELS_TO_START_DEACTIVATE

nfx250_s1e: 250

nfx250_10_t: 250

nfx250_ls1_10_t: 250

nfx250_att_s1_10_t: 100

nfx250_s2_10_t: 250

nfx250_att_ls1_10_t: 100

nfx250_att_s2_10_t: 100

nfx250_s1e: 250

nfx250_10_t: 250

nfx250_ls1_10_t: 250

nfx250_att_s1_10_t: 100

nfx250_s2_10_t: 250

nfx250_att_ls1_10_t: 100

nfx250_att_s2_10_t: 100

WAN_PORT_NAMES

WAN_0 ge-0/0/8

WAN_1 ge-0/0/9

WAN_0 ge-0/0/8

WAN_0 ge-0/0/8

WAN_0 ge-0/0/10

WAN_1 ge-0/0/11

WAN_2 xe-0/0/12

WAN_3 xe-0/0/13

WAN_0 primary ge-0/0/10

WAN_1 secondary ge-0/0/10

WAN_2 primary ge-0/0/11

WAN_3 secondary ge-0/0/11

LAN_PORT_NAMES

LAN_0 ge-0/0/0

LAN_1 ge-0/0/1

LAN_2 ge-0/0/2

LAN_3 ge-0/0/3

LAN_4 ge-0/0/4

LAN_5 ge-0/0/5

LAN_6 ge-0/0/6

LAN_7 ge-0/0/7

LAN_8 ge-0/0/8

LAN_9 ge-0/0/9

LAN_MEMBER_PORT_NAMES

LAN_0_0: ge-0/0/0

LAN_0_1: ge-0/0/1

LAN_0_2: ge-0/0/2

LAN_0_3: ge-0/0/3

LAN_0_4: ge-0/0/4

LAN_0_5: ge-0/0/5

LAN_0_6: ge-0/0/6

LAN_0_7: ge-0/0/7

LAN_0_8: ge-0/0/8

LAN_0_9: ge-0/0/9

GWR_CPU_PIN

nfx250_s2_10_t: 4, 10

nfx250_s1e: 4, 10

nfx250_10_t: 4,10

nfx250_ls1_10_t: 2,6

nfx250_att_s1_10_t: 4, 10

nfx250_att_ls1_10_t: 2,6

nfx250_att_s2_10_t: 4,10

nfx250_s2_10_t: 4, 10

nfx250_s1e: 4, 10

nfx250_10_t: 4,10

nfx250_ls1_10_t: 2,6

nfx250_att_s1_10_t: 4, 10

nfx250_att_ls1_10_t: 2,6

nfx250_att_s2_10_t: 4,10

nfx250_s2_10_t: 4, 10

nfx250_s1e: 4, 10

nfx250_10_t: 4,10

nfx250_ls1_10_t: 2,6

nfx250_att_s1_10_t: 4, 10

nfx250_att_ls1_10_t: 2,6

nfx250_att_s2_10_t: 4,10

nfx250_s2_10_t: 4, 10

nfx250_s1e: 4, 10

nfx250_10_t: 4,10

nfx250_ls1_10_t: 2,6

nfx250_att_s1_10_t: 4, 10

nfx250_att_ls1_10_t: 2,6

nfx250_att_s2_10_t: 4,10

nfx250_s2_10_t: 4, 10

nfx250_s1e: 4, 10

nfx250_10_t: 4,10

nfx250_ls1_10_t: 2,6

nfx250_att_s1_10_t: 4, 10

nfx250_att_ls1_10_t: 2,6

nfx250_att_s2_10_t: 4,10

AUX_Subnets

AUX_0 10.10.0.0/24

AUX_1 10.10.12.0/24

AUX_2 10.10.13.0/24

AUX_0 10.10.0.0/24

AUX_1 10.10.12.0/24

AUX_2 10.10.13.0/24

AUX_0 10.10.0.0/24

AUX_1 10.10.12.0/24

AUX_2 10.10.13.0/24

AUX_0 10.10.0.0/24

AUX_1 10.10.12.0/24

AUX_2 10.10.13.0/24

AUX_0 10.10.0.0/24

AUX_1 10.10.12.0/24

AUX_2 10.10.13.0/24

LAN_Subnets

LAN_0 10.10.1.0/24

LAN_1 10.10.2.0/24

LAN_0 10.10.1.0/24

LAN_1 10.10.2.0/24

LAN_0 10.10.1.0/24

LAN_1 10.10.2.0/24

LAN_0 10.10.1.0/24

LAN_1 10.10.2.0/24

LAN_0 10.10.1.0/24

LAN_1 10.10.2.0/24

Login Security Settings

Login idle timeout (minutes)

10

10

Login attempts before locking out

3

3

Login lockout period in minutes

5

5

Login backoff factor in seconds

5

5

Login backoff threshold

2

2

Maximum time to enter password in seconds

20

20

Maintenance user account

juniper

juniper

Login Announcement

This system is private property.

This system is private property.

Login Message

Unauthorized access will be reported.

Unauthorized access will be reported.
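
The ranges in Table 63 and the defaults in Table 65 can be checked mechanically before a template is used to add a site. The following is an added example, not code from CSO or from this guide: the dictionary layout, function name and sample snapshots are assumptions, and the keys are the field labels used in the tables above, with each toggle read literally from its label.

```python
"""Audit a device-template settings snapshot (added example, not CSO code)."""

# Integer ranges as documented in Table 63.
RANGES = {
    "Max number of SSH connections allowed at any time": (1, 250),
    "Max number of SSH connections allowed per minute": (1, 250),
    "Max number of sessions per SSH connection": (1, 250),
    "Login attempts before locking out": (3, 10),
    "Login lockout period in minutes": (1, 43200),
    "Login backoff factor in seconds": (5, 10),
    "Login backoff threshold": (1, 3),
    "Maximum time to enter password in seconds": (20, 300),
}

# Table 70 documents a wider range for this field on SRX4100/SRX4200 templates.
SRX4X00_RANGES = {"Max number of sessions per SSH connection": (1, 65535)}

# Toggles that Table 65 lists as Disabled by default, read literally:
# Disabled means the restriction named by the field is not applied.
RESTRICTION_TOGGLES = {
    "Prevent root login via SSH?": "root login over SSH is not prevented",
    "Restrict SSH access to be from CSO only": "SSH is not restricted to CSO",
}

# Values published as defaults in Table 65.
PUBLISHED_DEFAULTS = {
    "ENC_ROOT_PASSWORD": "juniper123",
    "Maintenance user account": "juniper",
}


def audit_template(settings, srx4x00=False):
    """Return (severity, field, message) tuples for a settings dict.

    Assumption: `settings` is a hypothetical snapshot keyed by the field
    labels on the Template Settings page, built by the operator before CSO
    masks and encrypts ENC_ROOT_PASSWORD.
    """
    ranges = dict(RANGES)
    if srx4x00:
        ranges.update(SRX4X00_RANGES)

    findings = []
    for field, (low, high) in ranges.items():
        if field not in settings:
            continue
        value = settings[field]
        # bool is a subclass of int in Python, so reject it explicitly.
        if isinstance(value, bool) or not isinstance(value, int):
            findings.append(("error", field, f"expected an integer, got {value!r}"))
        elif not low <= value <= high:
            findings.append(("error", field, f"{value} is outside {low} through {high}"))

    for field, risk in RESTRICTION_TOGGLES.items():
        # A missing toggle is treated as the Table 65 default (Disabled).
        if settings.get(field, "Disabled") != "Enabled":
            findings.append(("warn", field, risk))

    for field, default in PUBLISHED_DEFAULTS.items():
        if settings.get(field) == default:
            findings.append(("warn", field, "still set to the default published in Table 65"))
    return findings


# Constructed sample: the default values listed in Table 65.
TABLE_65_DEFAULTS = {
    "Prevent root login via SSH?": "Disabled",
    "Restrict SSH access to be from CSO only": "Disabled",
    "Max number of SSH connections allowed at any time": 50,
    "Max number of SSH connections allowed per minute": 50,
    "Max number of sessions per SSH connection": 50,
    "Login attempts before locking out": 3,
    "Login lockout period in minutes": 5,
    "Login backoff factor in seconds": 5,
    "Login backoff threshold": 2,
    "Maximum time to enter password in seconds": 20,
    "Maintenance user account": "juniper",
    "ENC_ROOT_PASSWORD": "juniper123",
}

# Constructed sample: the same template after hardening, with one value that
# is valid only under the Table 70 range. The password and account name are
# placeholders.
HARDENED = {
    **TABLE_65_DEFAULTS,
    "Prevent root login via SSH?": "Enabled",
    "Restrict SSH access to be from CSO only": "Enabled",
    "Max number of sessions per SSH connection": 1000,
    "Maintenance user account": "site-maint",
    "ENC_ROOT_PASSWORD": "<site-specific secret>",
}

if __name__ == "__main__":
    for name, snapshot in (("Table 65 defaults", TABLE_65_DEFAULTS), ("hardened", HARDENED)):
        print(name)
        for severity, field, message in audit_template(snapshot):
            print(f"  [{severity}] {field}: {message}")
```

Pass `srx4x00=True` when the snapshot belongs to an SRX4100 or SRX4200 template so that the Table 70 range is applied to the sessions-per-connection field.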

Table 66: Configurable Settings Supported on NFX150 Device Templates

Field Name

NFX150 as Hybrid WAN CPE

NFX150 as Managed Internet CPE

NFX150 as Secure Internet CPE

NFX150 as SD-WAN CPE

VNF_OAM_TRANSLATED_PORT_START

49152

49152

49152

49152

AUTO_INSTALL_LICENSE_TO_DEVICE

Disabled

Disabled

Disabled

Disabled

ZTP_ENABLED

Enabled

Enabled

Enabled

Enabled

INTERNAL_OAM_SUBNET

10.10.10.0/24

10.10.10.0/24

10.10.10.0/24

10.10.10.0/24

ENC_ROOT_PASSWORD

Specified

Specified

Specified

Specified

ACTIVATION_CODE_ENABLED

Enabled

Enabled

Enabled

Enabled

AUTO_DEPLOY_STAGE2_CONFIG

Disabled

Disabled

Disabled

Disabled

USE_SINGLE_SSH_TO_NFX

Enabled

Enabled

ADSL_VPI

8

ADSL_ENCAP

llcsnap-bridged-802.1q

ADSL_VCI

36

MAX_DVPN_TUNNELS_ON_SITE

300

MIN_DVPN_TUNNELS_TO_START_DEACTIVATE

100

WAN Port Names for SKU with single slot

WAN_0 ge-1/0/1 heth-0-4

WAN_1 ge-1/0/2 heth-0-5

WAN_2 ge-1/0/3 heth-0-2

WAN_3 ge-1/0/4 heth-0-3

WAN_0 ge-1/0/1 heth-0-4

WAN_1 ge-1/0/2 heth-0-5

WAN_2 ge-1/0/3 heth-0-2

WAN_3 ge-1/0/4 heth-0-3

WAN_0 ge-1/0/1 heth-0-4

WAN_1 ge-1/0/2 heth-0-5

WAN_2 ge-1/0/3 heth-0-2

WAN_3 ge-1/0/4 heth-0-3

WAN_0 ge-1/0/1 heth-0-4

WAN_1 ge-1/0/2 heth-0-5

WAN_2 ge-1/0/3 heth-0-2

WAN_3 ge-1/0/4 heth-0-3

WAN Port Names for SKU with EM-6T2SFP expansion module.

WAN_0 ge-1/0/1 heth-0-4

WAN_1 ge-1/0/2 heth-0-5

WAN_2 ge-1/0/3 heth-1-6

WAN_3 ge-1/0/4 heth-1-7

WAN_0 ge-1/0/1 heth-0-4

WAN_1 ge-1/0/2 heth-0-5

WAN_2 ge-1/0/3 heth-1-6

WAN_3 ge-1/0/4 heth-1-7

WAN_0 ge-1/0/1 heth-0-4

WAN_1 ge-1/0/2 heth-0-5

WAN_2 ge-1/0/3 heth-1-6

WAN_3 ge-1/0/4 heth-1-7

WAN_0 ge-1/0/1 heth-0-4

WAN_1 ge-1/0/2 heth-0-5

WAN_2 ge-1/0/3 heth-1-6

WAN_3 ge-1/0/4 heth-1-7

Table 67: Configurable Settings Supported on SRX Series Device Templates

Field Name

SRX as Managed Internet CPE

SRX as Hybrid WAN CPE

SRX as SD-WAN CPE

SRX as SD-WAN Hub

Dual SRX as SD-WAN CPEs

vSRX as SD-WAN spoke in AWS

AUTO_DEPLOY_STAGE2_CONFIG

Disabled

Disabled

Disabled

Disabled

Disabled

Disabled

ZTP_ENABLED

Enabled

Disabled

Enabled

Enabled

Disabled

PRE-STAGED-CPE

Disabled

ACTIVATION_CODE_ENABLED

Disabled

Disabled

Enabled

Enabled

Disabled

OOB_OAM_Port

fxp0

fxp0

fxp0

fxp0

ge-0/0/0

ENC_ROOT_PASSWORD

Specified

Specified

Specified

Specified

Specified

Specified

AUTO_INSTALL_LICENSE_TO_DEVICE

Disabled

Disabled

Disabled

Disabled

Disabled

Disabled

CLUSTER_OFFSET

5

MAX_DVPN_TUNNELS_ON_SITE

300

300

300

MIN_DVPN_TUNNELS_TO_START_DEACTIVATE

100

100

100

WAN Port Names

WAN_0 ge-0/0/0

WAN_0 ge-0/0/0

WAN_1 ge-0/0/1

WAN_0 ge-0/0/0

WAN_1 ge-0/0/1

WAN_2 ge-0/0/2

WAN_3 ge-0/0/3

WAN_0 ge-0/0/0

WAN_1 ge-0/0/1

WAN_2 ge-0/0/2

WAN_3 ge-0/0/3

WAN_0 ge-0/0/3

WAN_1 ge-{{CLUSTER_OFFSET.value}}/0/3

WAN_2 ge-0/0/4

WAN_3 ge-{{CLUSTER_OFFSET.value}}/0/4

WAN_0 ge-0/0/0

WAN_1 ge-0/0/1

OAM CE Port Names

OAM_CE_0 ge-0/0/0

OAM_CE_1 ge-0/0/1

OAM_CE_2 ge-0/0/2

OAM_CE_3 ge-0/0/3

FAB Port Names

FAB_0 ge-0/0/2

FAB_1 ge-{{CLUSTER_OFFSET.value}}/0/2

LAN Port Names

LAN_0 ge-0/0/0

LAN_1 ge-0/0/1

LAN_2 ge-0/0/2

LAN_3 ge-0/0/3

LAN_4 ge-0/0/4

LAN_5 ge-0/0/5

LAN_6 ge-0/0/6

LAN_7 ge-0/0/7

LAN_8 ge-0/0/8

LAN_9 ge-0/0/9

LAN_10 ge-0/0/10

LAN_0_0 ge-0/0/7

LAN_0_1 ge-0/0/8

LAN_0_2 ge-0/0/9

LAN_0_3 ge-0/0/10

LAN_0 ge-0/0/0

LAN_1 ge-0/0/1

LAN_2 ge-0/0/2

LAN_3 ge-0/0/3

LAN_4 ge-0/0/4

LAN_5 ge-0/0/5

LAN_6 ge-0/0/6

LAN_7 ge-0/0/7

LAN_8 ge-0/0/8

LAN_9 ge-0/0/9

LAN_10 ge-0/0/10

RESERVED_MEMBER_PORT_NAMES

PORT_0_0 ge-0/0/5

PORT_0_1 ge-0/0/6

RESERVED_SUBNETS

NODE_0 10.10.12.0/24

NODE_1 10.10.13.0/24

AUTO_INSTALL_DEFAULT_TRUSTED_CERTS_TO_DEVICE

Enabled

AMI_vSRX_BYOL

Specified

Table 68: Configurable Settings Supported on SRX4x00 Series Device Templates

Field Name

SRX-4x00 as SD-WAN CPE

Dual SRX4x00 as SD-WAN CPEs

SSH Settings  

Prevent root login via SSH?

Disabled

Disabled

Restrict SSH access to be from CSO only

Disabled

Disabled

Max number of SSH connections allowed at any time

50

50

Max number of SSH connections allowed per minute

50

50

Max number of sessions per SSH connection

50

50

Policer Settings  

Bandwidth limit for ICMP traffic towards the device

1m

1m

Burst-size limit for ICMP traffic towards the device

2k

2k

Bandwidth limit for trace-route traffic towards the device

1m

1m

Burst-size limit for trace-route traffic towards the device

15k

15k

Bandwidth limit for DHCP traffic towards the device

1m

1m

Burst-size limit for DHCP traffic towards the device

15k

15k

Bandwidth limit for DNS traffic towards the device

1m

1m

Burst-size limit for DNS traffic towards the device

15k

15k

Log Rotation Settings  

Max size (MB) for log files

10

10

Max number of log files

10

10

Feature Level Access Settings  

Allow TACACS access

Disabled

Disabled

Allow SNMP Access

Disabled

Disabled

Customer Parameters  

AUTO_INSTALL_LICENSE_TO_DEVICE

Disabled

AUTO_INSTALL_DEFAULT_TRUSTED_CERTS_TO_DEVICE

Enabled

Enabled

ZTP_ENABLED

Disabled

Disabled

ENC_ROOT_PASSWORD

Specified

Specified

ACTIVATION_CODE_ENABLED

Disabled

Disabled

CLUSTER_OFFSET

7

AUTO_DEPLOY_STAGE2_CONFIG

Disabled

Disabled

OOB_OAM_PORT

fxp0

fxp0

MAX_DVPN_TUNNELS_ON_SITE  

default-value

1500

1500

WAN_PORT_NAMES  

WAN_0

xe-0/0/0

xe-0/0/0

WAN_1

xe-0/0/1

xe-{{CLUSTER_OFFSET.value}}/0/0

WAN_2

xe-0/0/2

xe-0/0/1

WAN_3

xe-0/0/3

xe-{{CLUSTER_OFFSET.value}}/0/1

MIN_DVPN_TUNNELS_TO_START_DEACTIVATE  

default-value

500

500

LAN_PORT_NAMES  

LAN_0

LAN_1

LAN_2

LAN_3

LAN_4

LAN_5

LAN_6

LAN_7

xe-0/0/0

xe-0/0/1

xe-0/0/2

xe-0/0/3

xe-0/0/4

xe-0/0/5

xe-0/0/6

xe-0/0/7

LAN_0_0— xe-0/0/2

LAN_0_1— xe-0/0/3

LAN_0_2— xe-0/0/4

LAN_0_3— xe-0/0/5

Login Security Settings  

Idle timeout (minutes)

10

10

Attempts before locking out

3

3

Lockout period in minutes

5

5

Backoff factor in seconds

5

5

Backoff threshold

2

2

Maximum time to enter password in seconds

20

20

Maintenance user account

juniper

juniper

Announcement

This system is private property.

This system is private property.

Message

Unauthorized access will be reported.

Unauthorized access will be reported.

RESERVED_MEMBER_PORT_NAMES  

PORT_0_1

xe-0/0/7

PORT_0_0

xe-0/0/6

RESERVED_SUBNETS  

NODE_1

10.10.13.0/24

NODE_0

10.10.12.0/24

Table 69: Fields on the Template Settings Page

Name

Description

Customer Parameters

AUTO_DEPLOY_STAGE2_CONFIG

Specify whether to automatically deploy stage-2 configuration at the end of the Zero Touch Provisioning (ZTP) workflow.

Example: Enabled

ZTP_ENABLED

Specify whether to enable ZTP for the device.

Note: This option is supported on SRX Series Services Gateways only.

Example: Enabled

PRE_STAGED_CPE

Specify whether the CPE device is pre-staged with WAN configuration.

Note: This option is supported on SRX Series Services Gateways only.

Example: Enabled

ACTIVATION_CODE_ENABLED

Specify whether the customer must use an activation code to activate the CPE device.

Example: Enabled

OOB_OAM_Port

Specify the name of the port used for out-of-band Operation, Administration, and Maintenance (OAM) traffic. This port is used in deployments where OAM and data traffic are on separate physical ports.

Note: This option is supported on SRX Series Services Gateways only.

Example: fxp0

S2_MODEL_HUGEPAGE_COUNT

Specify the number of 1-GB huge pages to be used by the VNFs on an NFX250-S2 device with a total memory of 32 GB.

Example: 21

USE_SINGLE_SSH_TO_NFX

Specify whether to enable device-initiated connections (outbound SSH) with port-forwarding capability. Port forwarding enables Contrail Service Orchestration to manage an NFX250 device through a single IP address.

Example: Enabled

S1_MODEL_HUGEPAGE_COUNT

Specify the number of 1-GB huge pages to be used by the VNFs on an NFX250-S1 device with a total memory of 16 GB.

Example: 21

VNF_OAM_TRANSLATED_PORT_START

Specify the first port number that can be used to expose a port on the gateway router’s OAM or WAN interface through port translation. Use this option in cases where the VNF does not have its own OAM IP address from the in-band OAM network.

ENC_ROOT_PASSWORD

Specify the Junos OS root password to be set on an NFX250 device.

Example: *****************

WAN Port Names

Specify the mapping of Junos OS interface descriptors for the hardware ports. The RJ-45 port is the default port for the NFX250 device. You can change the default port if you want to use a different type of connector, such as SFP.

GWR_LAN_PORT

Specify the mapping of the gateway router’s LAN port names to the corresponding front panel physical port names on the NFX250 device. Currently, the logical ports are created on the ge-0/0/4 interface.

JCP_LAN_PORT_NAMES

Specify the port names from LAN_0 through LAN_9.

GWR_LAN_PORT_NAMES

Specify the port names from LAN_0 through LAN_9.

LAN_PORT_NAMES

Specify the port names from LAN_0 through LAN_10.

CONTROL_LINK_PORT_NAME

Enter the physical port name for control link connection.

Example: xe-0/0/12

FAB_LINK_PORT_NAME

Enter the physical port name for fabric link connection.

Example: xe-0/0/13

OOB_MGMT_ENABLED

Specify whether to use the out-of-band (OOB) management port of the device for management connectivity. If the field is enabled, a default route will be available through this interface. If the field is disabled, there is no connectivity through the OOB management port of the device and the stage-1 configuration that is generated will include a static default route.

AUTO_INSTALL_LICENSE_TO_DEVICE

Click the toggle button to enable automatic installation of the license on the CPE device at the end of the ZTP workflow.

GWR_VSRX_IMAGE_LOCAL_FILE_PATH

Enter the local path of the vSRX image that is installed on the NFX250 device. The image file is required when the gateway router VM is created. If this parameter is not set, or if the file is not present on the NFX250 device, then a vSRX image is downloaded from the CSO file server to the NFX250 device.

Example: ./var/third-party/images/*vsrx*-15.1X*.qcow2

GWR_VSRX_IMAGE_CNAME_IN_CSO

Enter the name of the vSRX image uploaded into the Image Management Service in CSO. When creating the gateway VM, if the vSRX image file is not present locally, then the image with this name is downloaded to the NFX250 device.

INTERNAL_OAM_SUBNET

Enter the IP address for the subnet that is used for internal OAM.

ADSL_VPI

Enter the Virtual Path Identifier (VPI) setting to connect to the ADSL service provider through PPPoE.

Example: 8

ADSL_ENCAP

Enter the encapsulation that is used to connect to the ADSL service provider through PPPoE.

Example: llcsnap-bridged-802.1q

ADSL_VCI

Enter the VCI (Virtual Channel Identifier) setting to connect to the ADSL service provider through PPPoE.

Example: 36

DSL_VLAN

Enter the reserved internal VLAN ID to be used as the native-vlan-id on xDSL ports to ensure that untagged control frames are processed.

Example: 4087

CLUSTER_OFFSET

Enter the cluster slot number for the designated secondary node.

Table 70: Fields on the Template Settings Page for SRX4100 and SRX4200 Device Templates

Field Name

Description

SSH Settings 

Prevent root login via SSH?

Click the toggle button to enable root login through SSH. Root login through SSH is disabled by default.

Restrict SSH access to be from CSO only

Click the toggle button to restrict SSH access only to connections from Contrail Service Orchestration (CSO).

Default: Disabled

Max number of SSH connections allowed at any time

Enter the maximum number of concurrent SSH connections to be allowed.

Range: 1 through 250

Default: 50

Max number of SSH connections allowed per minute

Enter the maximum number of SSH connections allowed per minute.

Range: 1 through 250

Default: 50

Max number of sessions per SSH connection

Enter the maximum number of sessions per SSH connection.

Range: 1 through 65535

Default: 50

Policer Settings 

Bandwidth limit for ICMP traffic towards the device

Enter the bandwidth limit, in bits per second (bps), for Internet Control Message Protocol (ICMP) traffic towards the device.

Default: 1m

Burst-size limit for ICMP traffic towards the device

Enter the burst-size limit, in bytes, for ICMP traffic towards the device.

Default: 2k

Bandwidth limit for trace-route traffic towards the device

Enter the bandwidth limit, in bits per second (bps), for traceroute traffic towards the device.

Default: 1m

Burst-size limit for trace-route traffic towards the device

Enter the burst-size limit, in bytes, for traceroute traffic towards the device.

Default: 15k

Bandwidth limit for DHCP traffic towards the device

Enter the bandwidth limit, in bits per second (bps), for Dynamic Host Configuration Protocol (DHCP) traffic towards the device.

Default: 1m

Burst-size limit for DHCP traffic towards the device

Enter the bandwidth limit, in bits per second (bps), for DHCP traffic towards the device.

Default: 15k

Bandwidth limit for DNS traffic towards the device

Enter the bandwidth limit, in bits per second (bps), for Domain Name System (DNS) traffic towards the device.

Default: 1m

Burst-size limit for DNS traffic towards the device

Enter the burst-size limit, in bytes, for DNS traffic towards the device.

Default: 15k

Log Rotation Settings 

Max size (MB) for log files

Enter the maximum size of the log file, in megabytes (MB).

Default: 10

Max number of log files

Enter the maximum number of log files.

Default: 10

Feature Level Access Settings 

Allow TACACS access

Click the toggle button to enable TACACS communication. By default, TACACS communication is disabled.

Allow SNMP access

Click the toggle button to enable SNMP communication. By default, SNMP communication is disabled.

Customer Parameters 

AUTO_INSTALL_LICENSE_TO_DEVICE

Click the toggle button to enable automatic installation of the license file on the CPE device when the ZTP workflow ends.

Default: Disabled

AUTO_INSTALL_DEFAULT_TRUSTED_CERTS_TO_DEVICE

Click the toggle button to disable automatic installation of default trusted certificates on the CPE device when the ZTP workflow ends.

Default: Enabled

ZTP_ENABLED

Specify whether to enable ZTP for the device.

ENC_ROOT_PASSWORD

Specify the Junos OS-encrypted root password to be set on the CPE device.

ACTIVATION_CODE_ENABLED

Click the toggle button to enable the tenant to use an activation code to activate the CPE device.

Default: Disabled

CLUSTER_OFFSET

Enter the cluster slot number for the designated secondary node.

AUTO_DEPLOY_STAGE2_CONFIG

Click the toggle button to enable automatic deployment of stage-2 configuration when the ZTP workflow ends.

Default: Disabled

OOB_OAM_PORT

Enter the port number for out-of-band Operation, Administration, and Maintenance (OAM) traffic. This port is used in deployments where OAM and data traffic are on separate physical ports.

Note: This option is supported only on SRX Series Services Gateways.

Default: fxp0

MAX_DVPN_TUNNELS_ON_SITE

Enter the maximum number of site-to-site Dynamic Virtual Private Network (DVPN) tunnels that can be created at a site. After this number is reached, no more site-to-site tunnels are created and traffic goes through the hub.

MIN_DVPN_TUNNELS_TO_START_DEACTIVATE

Enter the minimum number of site-to-site DVPN tunnels that must be present at a site to start deactivating the inactive site-to-site tunnels.

WAN_PORT_NAMES

Enter the name of the physical interfaces for the ports that are used for WAN side connectivity.

WAN_0

WAN_1

WAN_2

WAN_3

WAN_MEMBER_PORT_NAMES

In case of dual-CPE devices, enter the name of the physical interfaces for the ports that are used for WAN side connectivity.

WAN_0

WAN_1

WAN_2

WAN_3

LAN_PORT_NAMES

Enter the name of the physical interfaces for the ports that are used to connect to LAN side devices.

LAN_0— xe-0/0/0

LAN_1— xe-0/0/1

LAN_2— xe-0/0/2

LAN_3— xe-0/0/3

LAN_4— xe-0/0/4

LAN_5— xe-0/0/5

LAN_6— xe-0/0/6

LAN_7— xe-0/0/7

LAN_MEMBER_PORT_NAMES

In case of dual-CPE devices, enter the names of the physical interfaces for the ports that are used to connect to the LAN-side switch.

LAN_0_0— xe-0/0/2

LAN_0_1— xe-0/0/3

LAN_0_2— xe-0/0/4

LAN_0_3— xe-0/0/5

Login Security Settings 

Idle timeout (minutes)

Enter the maximum time (in minutes) that a session can be idle before the user is logged out of the system.

Attempts before locking out

Enter the maximum number of unsuccessful login attempts allowed before the account is locked.

Range: 3 to 10

Lockout period in minutes

Enter the number of minutes an account must remain locked after the maximum number of unsuccessful login attempts.

Range: 1 to 43,200

Backoff factor in seconds

Enter the length of delay (in seconds) after each failed login attempt. The length of delay increases by this value for each subsequent login attempt after the value specified in the backoff-threshold option.

Range: 5 to 10

Backoff threshold

Enter the threshold for the number of failed login attempts before the user experiences a delay when attempting to reenter a password.

Range: 1 to 3

Maximum time to enter password in seconds

Enter the maximum time allowed (in seconds) to enter a password to log in to the device after entering your username.

Range: 20 to 300.

Maintenance user account

Enter the name of a maintenance user account to be created on the device. The maintenance user account is used by maintenance personnel for troubleshooting when required.

Announcement

Enter the system login announcement, which is displayed after a user successfully logs in to the device.

Message

Enter the system login message, which is displayed when a user logs into the device.

RESERVED_MEMBER_PORT_NAMES

Enter the port names of the two 1-Gigabit Ethernet/10-Gigabit Ethernet ports, CTL (control port) and FAB (fabric port), to be used for synchronizing data and maintaining state information in a chassis cluster setup.

  • PORT_0_0— xe-0/0/6

  • PORT_0_1— xe-0/0/7

RESERVED_SUBNETS

Enter the IP addresses of the reserved subnets that are used for system logs.

  • NODE_0— 10.10.12.0/24

  • NODE_1— 10.10.13.0/24
