Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Predefined Configuration Templates

 

Contrail Service Orchestration (CSO) provides predefined configuration templates that you can access from the Configuration Templates page (Resources > Configuration Templates).

Predefined configuration templates are available for SRX Series, NFX150, and NFX250 devices:

  • Table 1 lists the predefined configuration templates for SRX Series devices.

  • Table 2 lists the predefined configuration templates for NFX150 devices.

  • Table 3 lists the predefined configuration templates for NFX250 devices.

Table 1: Predefined Configuration Templates for SRX Series Devices

Name

Description

ngfw-ipsec-vpn

Configure IPsec VPN settings for an SRX next-generation firewall (NGFW) device.

srx-banner

Configure the banner that appears when you log in to an SRX Series device.

srx-class-of-service

Configure class-of-service (CoS) parameters on an SRX Series device.

srx-disable-auto-negotiation

Disable Ethernet autonegotiation on the interfaces of an SRX Series device.

If you disable Ethernet autonegotiation, you must configure values for link mode and link speed when you deploy the template.

srx-dhcp

Configure an SRX Series device as a Dynamic Host Configuration Protocol (DHCP) server.

srx-dns

Configure Domain Name System (DNS) server settings on an SRX Series device.

srx-dnssplit-hub

Configure the split DNS feature on an SRX Series enterprise hub device to be applied to transit traffic originating from a spoke device.

In addition to deploying the configuration template, you must also deploy zone-based firewall policies to control (allow or deny) the transit traffic.

srx-dnssplit-spoke

Configure the split DNS feature on an SRX Series spoke device.

srx-firewall-filters

Configure firewall filters that determine whether to permit or deny traffic before it enters or exits a port to which the firewall filter is applied.

srx-hub-oam-stage-2-config

Provide the CSO reachability routing configuration for a provider hub with OAM capability.

srx-idp-sensor-packet-log

Configure an SRX Series device for packet capture, by defining the amount of memory to be allocated for packet capture and the maximum number of sessions that can generate packet capture data for the device at a time.

srx-igmp-snooping

Configure Internet Group Management Protocol (IGMP) snooping parameters on one or more VLANs so that the device selectively sends out multicast packets only on the ports that need them. Without IGMP snooping, an SRX Series device floods the packets on every port.

srx-lacp

Configure link aggregation control protocol (LACP) on an SRX Series device.

srx-local-user

Configure a local user on an SRX Series device.

srx-nat-global-settings

Configure network address translation (NAT) settings for an SRX Series device.

srx-ntp

Configure Network Time Protocol (NTP) settings on an SRX Series device.

srx-password-config

Change the default password for a root user on an SRX Series device.

srx-pim

Configure protocol-independent multicast (PIM) on an SRX Series device.

srx-pre-id-default-policy

Configure the default policy action that occurs prior to dynamic application identification (AppID).

During the initial policy lookup phase, which occurs prior to a dynamic application being identified, if there are multiple policies present in the potential policy list, an SRX Series device applies the default security policy until a more explicit match is found.

srx-rouser

Configure a user with read-only access privilege on an SRX Series device.

srx-sdwan-dhcp-relay

Configure extended DHCP relay and DHCPv6 relay options on an SRX Series device and enable the device to function as a DHCP relay agent. A DHCP relay agent forwards DHCP Request and DHCP Reply packets between a DHCP client and a DHCP server.

srx-sdwan-mgmnt

Configure the SNMP version 3 (SNMPv3), NTP, syslog, and TACACS parameters for managing an SRX Series device.

For TACACS and SNMPv3 settings to work on the device on which you are deploying the configuration template, you must enable the Allow TACACS Access and Allow SNMP Access toggle buttons in the associated device template.

srx-service

Configure the FTP, SSH, and NETCONF settings on an SRX Series device.

srx-snmp-config-basic

Configure basic SNMP version 2 (SNMPv2) parameters on an SRX Series device.

srx-static-routes

Configure static routes to be installed in the routing table for an SRX Series device.

You can specify one or more routes within a single static statement, and you can specify one or more static options in the configuration.

srx-syslog

Configure syslog settings on an SRX Series device.

srx-utm-global

Configure the routing instance, on an SRX Series device, through which the DNS server can be reached to resolve the UTM Web filtering URL.

srx-vrrp

Configure virtual router redundancy protocol (VRRP) on an SRX Series device.

Table 2: Predefined Configuration Templates for NFX150 Devices

Name

Description

nfx3-firewall-filters

Configure firewall filters that determine whether to permit or deny traffic before it enters or exits a port to which the firewall filter is applied.

nfx3-idp-sensor-packet-log

Configure an NFX150 device for packet capture, by defining the amount of memory to be allocated for packet capture and the maximum number of sessions that can generate packet capture data for the device at a time.

nfx3-nat-global-settings

Configure NAT settings on an NFX150 device.

nfx3-sdwan-dhcp-relay

Configure extended DHCP relay and DHCPv6 relay options on an NFX150 device and enable the device to function as a DHCP relay agent. A DHCP relay agent forwards DHCP request and reply packets between a DHCP client and a DHCP server.

nfx3-sdwan-mgmnt

Configure the SNMPv3, NTP, syslog, and TACACS parameters for managing an NFX150 device.

For TACACS and SNMPv3 settings to work on the device on which you are deploying the configuration template, you must enable the Allow TACACS Access and Allow SNMP Access toggle buttons in the associated device template.

Table 3: Predefined Configuration Templates for NFX250 Devices

Name

Description

nfx-banner

Configure the banner that appears when you log in to an NFX250 device.

nfx-disable-auto-negotiation

Disable Ethernet autonegotiation on the interfaces of an NFX250 device (Junos Control Plane (JCP) component only).

If you disable Ethernet autonegotiation, you must configure values for link mode and link speed when you deploy the template.

nfx-dns

Configure DNS server settings on an NFX250 device.

nfx-dnssplit-spoke

Configure the split DNS feature on an NFX250 spoke device.

nfx-igmp-snooping

Configure IGMP snooping parameters on one or more VLANs so that the device selectively sends out multicast packets only on the ports that need them. Without IGMP snooping, an NFX250 device floods the packets on every port.

nfx-lacp

Configure LACP on an NFX250 device.

nfx-local-user

Configure a local user on an NFX250 device.

nfx-ntp

Configure NTP settings on an NFX250 device.

nfx-password-config

Change the default password for a root user on an NFX250 device.

nfx-pre-id-default-policy

Configure the default policy action that occurs prior to dynamic AppID.

During the initial policy lookup phase, which occurs prior to a dynamic application being identified, if there are multiple policies present in the potential policy list, an NFX250 device applies the default security policy until a more explicit match is found.

nfx-sdwan-gwr-dhcprelay

Configure extended DHCP relay and DHCPv6 relay options for the gateway router (vSRX) on an NFX250 device and enable the device to function as a DHCP relay agent. A DHCP relay agent forwards DHCP request and DHCP reply packets between a DHCP client and a DHCP server.

nfx-sdwan-gwr-mgmnt

Configure the SNMPv3, NTP, syslog, and TACACS parameters for managing the gateway router (vSRX) on an NFX250 device.

For TACACS and SNMPv3 settings to work on the device on which you are deploying the configuration template, you must enable the Allow TACACS Access and Allow SNMP Access toggle buttons in the associated device template.

nfx-sdwan-jcp-mgmnt

Configure the SNMPv3, NTP, syslog, and TACACS parameters for managing the Junos Control Plane (JCP) component of an NFX250 device.

For TACACS and SNMPv3 settings to work on the device on which you are deploying the configuration template, you must enable the Allow TACACS Access and Allow SNMP Access toggle buttons in the associated device template.

nfx-sdwan-jdm-mgmnt

Configure the SNMPv3, NTP, syslog, and TACACS parameters for managing the Juniper Device Manager (JDM) component of an NFX250 device.

For TACACS and SNMPv3 settings to work on the device on which you are deploying the configuration template, you must enable the Allow TACACS Access and Allow SNMP Access toggle buttons in the associated device template.

nfx-service

Configure the FTP, SSH, and NETCONF on an NFX250 device.

nfx-snmp-config-basic

Configure basic SNMPv2 parameters on an NFX250 device.

nfx-static-routes

Configure static routes to be installed in the routing table for an NFX250 device.

You can specify one or more routes within a single static statement, and you can specify one or more static options in the configuration.

nfx-syslog

Configure syslog settings on an NFX250 device.

nfx-utm-global

Configure the routing instance, on an NFX250 device, through which the DNS server can be reached to resolve the UTM Web filtering URL.