Create a Logical System
You can add logical systems in bulk or add individual logical system at a time.
Add Logical Systems in Bulk
To add logical systems in bulk:
- Select Devices > Security Devices.
The Security Devices page is displayed.
- Select a root device, right-click and select Create
Logical System.
The Create Logical System (LSYS) page is displayed.
- Click Add Bulk LSYS.
The Add Bulk Logical System (LSYS) page is displayed.
- Complete the configuration according to the guidelines given in Table 1.
- Click Add.
The Create Logical System (LSYS) page is displayed. Review the logical system details.
- Select the logical system and click the pencil
icon to modify the details, if required.
You can also provide the user class and interface for logical systems. Logical System configuration parameters cannot be edited after you click Preview Configuration or Create.
- Click Create to create the logical system.
The Job Details page is displayed with update logical system device job and its status.
- Click OK.
If the job is successful, the logical system is created and displayed in the Security Devices page. The root device name is displayed beside the logical system device name. You can click on the logical system device name link to see the root device details.
Add Individual Logical System at a Time
Alternatively, you can create individual logical systems at a time. To create individual logical system at a time:
- Select Devices > Security Devices.
The Security Devices page is displayed.
- Select a root device, right-click and select Create
Logical System.
The Create Logical System (LSYS) page is displayed.
- Click the + icon.
The Create Logical System (LSYS) page is displayed.
- Complete the configuration according to the guidelines given in Table 1.
- Click Add.
The Create Logical System (LSYS) page is displayed. Review the logical system details.
- Select the logical system and click the pencil icon to
modify the details, if required.
Logical System configuration parameters cannot be edited after you click Preview Configuration or Create.
- Click Create to create the logical system.
The Job Details page is displayed with update logical system device job and its status.
- Click OK.
If the job is successful, the created logical system is displayed in the Security Devices page. The name of the root device is displayed beside the logical system device name. You can click on the root device name to see the root device details.
Table 1: Add Bulk Logical System
Parameters | Description |
---|---|
Logical System Name | A logical system name can be a maximum of 63 characters and can include alphanumeric characters, dashes, and underscores. |
Number of LSYS(s) | Select the number of logical systems that you want to create. You can create a maximum of 31 logical systems. Note: The logical system name uses the number as prefix for the selected count. You can review the details of the logical system and modify the name, if required. |
Routing Instance Name | Enter the routing instance name. A routing instance system name can be a maximum of 63 characters and can include alphanumeric characters and dashes. |
Routing Instance Type | Select the routing instance type from the list. |
Security Profiles | To distribute security resources across logical systems, you can create security profiles that specify the type and amount of resources to be allocated. You can create security profile and bind it to more than one logical system, if you want to allocate the same type and amount of resources to them. When a device is discovered in Security Director for the first time, you can see the list of security profiles, if any, while creating a logical system. Alternatively, you can create security profiles in Security Director. A security profile is mandatory to create a Logical system. Each security profile contains resources with a range based on the devices. You can manage the resources by allocating reserved and maximum values. Select a security profile, which will be bound to the logical system. To create a security profile:
To edit the security profile, select a security profile and click the pencil icon. Note: You can configure up to 32 security profiles on an SRX Series device running logical systems. When you reach the limit, you can delete the empty profiles. If you want to delete a profile which is assigned to a logical system, then first assign some other profile to the logical system and then delete the profile. Otherwise, you cannot delete a profile and commit fails on the device. |
User Class Details | Select a user class. Each user is assigned to a class, which defines the user permissions. Note: User class details section is available only when you create an individual logical system at a time. When you create a logical system in bulk, you can provide the user class when you edit the logical system as mentioned in 6 in Add Logical Systems in Bulk. |
Assign Interfaces | Select an interface. To add logical interface:
Note: User class details section is available only when you create individual logical system at a time. When you create logical systems in bulk, you can provide the user class when you edit the logical system as mentioned in 6 in Add Logical Systems in Bulk. |
Table 2: Security Profile
Parameters | Description |
---|---|
General Settings | |
Security Profile Name | Enter a valid unique name. The name must contain only letters and numbers. Note that the security profile name must be unique for the selected root device. |
Resource Allocation | Select the type of resource and allocate the reserved and maximum value for the selected resource. Each security profile contains resources with a range based on the devices. You can manage the resources by allocating reserved and maximum values. |
Reserved | It guarantees that the specified resource is always available to the logical system. If a reserved quota is not configured for a resource, the default value is 0. |
Maximum | If a logical system requires more resource than reserved amount allows, it can utilize resources configured for the global maximum amount if they are available—if they are not allocated to other logical systems. The maximum allowed quota specifies the portion of the free global resources that the logical system can use. The maximum allowed quota does not guarantee that the amount specified for the resource in the security profile is available. If a maximum allowed quota is not configured for a resource, the global system quota for the resource is used as a default value. Global system quotas are platform-dependent. |