The Resource Profile page displays all the resource profiles or security profiles for the logical system along with the configured resources.
You can configure up to 32 security profiles on an SRX Series device running logical systems. When you reach the limit, you must delete a security profile and commit the configuration change before you can create and commit another security profile. In many cases fewer security profiles are needed because you might bind a single security profile to more than one logical system.
The Resource Profile page appears. Table 269 explains the content of this page.
Global Settings—Configures global options for the firewall policy. Enter information as specified in Table 270.
More—Displays a detailed view of the selected resource profile.
You can also view the details of a resource profile when you mouse over to the left of a resource profile and click on the Detailed View icon.
Add icon (+)—Adds a new resource profile and IPS policy. Enter information as specified in Table 271.
Edit icon (/)—Edits the selected security profile. Enter information as specified in Table 271.
Delete icon (X)—Deletes the selected security profile.
Search icon—Enables you to search for a security profile in the grid.
Filter icon—Allows you to enter the desired Profile Name, Configured Resources, or Logical Systems/Tenants and display the matching results in the grid.
Show Hide Column icon—Enables you to show or hide a column in the grid.
Click the Commit icon at the top of the J-Web page. The following commit options are displayed.
Commit—Commits the configuration and returns to the main configuration page.
Compare—Enables you to compare the current configuration with the previous configuration.
Discard—Discards the configuration changes you made in J-Web.
Preferences—There are two tabs:
Commit preferences—You can choose to just validate or validate and commit the changes.
Confirm commit timeout (in min) — You can select the time-out interval.
Table 269: Resource Profile page
| Field | Function |
|---|---|
| Profile Name | Displays the Security Profile names. |
| Configured Resource | Displays the configured resource. |
| Logical Systems/Tenants | Displays the logical system or tenants created. |
Table 270: Global Settings option page
| Field | Function | Action |
|---|---|---|
| Enable CPU limit | Specify the CPU control. | Enable or disable the CPU limit. |
| CPU Target | Specify the targeted CPU utilization allowed for the whole system (0..100 percent). | Set a CPU target. You can enable or disable this option to set the value. The target applies to all logical system resource profiles. If you set 50% here, no profile can have a value higher than this, and all profiles share this 50% of the CPU. |
Table 271: Create-Edit the Resource Profile:
| Field | Function | Action |
|---|---|---|
| General | | |
| Profile Name | Displays the name of the security profile. | Enter a unique string of alphanumeric characters; underscores are allowed, spaces are not; 31-character maximum. |
| IPS Policy | Specify the IPS Policy | Select the IPS Policy. |
| Resource Name | | |
| nat-pat-portnum | Specify the maximum quantity and the reserved quantity of ports for the logical system as part of its security profile. | — |
| dslite-softwire-initiator | Specify the number of IPv6 dual-stack lite (DS-Lite) softwire initiators that can connect to the softwire concentrator configured in either a user logical system or the master logical system. | — |
| cpu | Specify the percentage of CPU utilization that is always available to a logical system. | — |
| appfw-rule | Specify the number of application firewall rule configurations that a master administrator can configure for a master logical system or user logical system when the security profile is bound to the logical systems. | — |
| nat-interface-port-ol | Specify the number of application firewall rule set configurations that a master administrator can configure for a master logical system or user logical system when the security profile is bound to the logical systems. | — |
| nat-rule-referenced-prefix | Specify the security NAT interface port overloading the quota of a logical system. | — |
| nat-port-ol-ipnumber | Specify the number of NAT port overloading IP number configurations that user logical system administrators and master logical system administrators can configure for their logical systems if the security profile is bound to the logical systems. | — |
| nat-cone-binding | Specify the number of NAT cone binding configurations that user logical system administrators and master logical system administrators can configure for their logical systems if the security profile is bound to the logical systems. | — |
| nat-static-rule | Specify the number of NAT static rule configurations that user logical system administrators and master logical system administrators can configure for their logical systems if the security profile is bound to the logical systems. | — |
| nat-destination-rule | Specify the number of NAT destination rule configurations that user logical system administrators and master logical system administrators can configure for their logical systems if the security profile is bound to the logical systems. | — |
| nat-source-rule | Specify the NAT source rule configurations that user logical system administrators and master logical system administrators can configure for their logical systems if the security profile is bound to the logical systems. | — |
| nat-nopat-address | Specify the number of NAT without port address translation configurations that user logical system administrators and master logical system administrators can configure for their logical systems if the security profile is bound to the logical systems. | — |
| nat-pat-address | Specify the number of NAT with port address translation (PAT) configurations that user logical system administrators and master logical system administrators can configure for their logical systems if the security profile is bound to the logical systems. | — |
| nat-destination-pool | Specify the number of NAT destination pool configurations that user logical system administrators and master logical system administrators can configure for their logical systems if the security profile is bound to the logical systems. | — |
| nat-source-pool | Specify the NAT source pool configurations that user logical system administrators and master logical system administrators can configure for their logical systems if the security profile is bound to the logical systems. | — |
| flow-gate | Specify the number of flow gates, also known as pinholes that user logical system administrators and master logical system administrators can configure for their logical systems if the security profile is bound to the logical systems. | — |
| flow-session | Specify the number of flow sessions that user logical system administrators and master logical system administrators can configure for their logical systems if the security profile is bound to the logical systems. | — |
| policy | Specify the number of security policies with a count that user logical system administrators and master logical system administrators can configure for their logical systems if the security profile is bound to the logical systems. | — |
| security-log-stream-number | Specify the security log stream number. | — |
| scheduler | Specify the number of schedulers that user logical system administrators and master logical system administrators can configure for their logical systems if the security profile is bound to the logical systems. | — |
| zone | Specify the zones that user logical system administrators and master logical system administrators can configure for their logical systems if the security profile is bound to the logical systems. | — |
| auth-entry | Specify the number of firewall authentication entries that user logical system administrators and master logical system administrators can configure for their logical systems if the security profile is bound to the logical systems. | — |
| appfw-profile | Specify the application firewall profile quota of a logical system. | — |
| address-book | Define entries in the address book. Address book entries can include any combination of IPv4 addresses, IPv6 addresses, DNS names, wildcard addresses, and address range. | — |
| Reserved | A reserved quota that guarantees that the resource amount specified is always available to the logical system. | — |
| Maximum | A maximum allowed quota. | — |
| Range | The minimum and maximum range permitted for each corresponding resource name. | — |
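
The limits this page states (32 security profiles per device, the Profile Name format, and the global CPU Target) can be checked against a planned set of profiles before they are entered in J-Web. The following is an added example, not Juniper code: `validate_plan`, the plan layout, and the sample profiles are hypothetical, and it assumes that a reserved quota must not exceed its maximum and that the profiles' reserved CPU together must fit within the CPU Target.

```python
import re

MAX_PROFILES = 32                              # per-device limit stated on this page
NAME_RE = re.compile(r"[A-Za-z0-9_]{1,31}")    # alphanumerics/underscores, 31 max

def validate_plan(profiles, cpu_target=None):
    """Return a list of problems found in a planned set of security profiles.

    profiles:   {name: {resource: {"reserved": int, "maximum": int}}}
    cpu_target: global CPU Target in percent, or None if the CPU limit is off.
    """
    problems = []
    if len(profiles) > MAX_PROFILES:
        problems.append(f"{len(profiles)} profiles exceeds the limit of {MAX_PROFILES}")
    cpu_total = 0
    for name, resources in profiles.items():
        if not NAME_RE.fullmatch(name):
            problems.append(f"{name!r}: invalid profile name")
        for res, quota in resources.items():
            reserved = quota.get("reserved", 0)
            maximum = quota.get("maximum")
            # Assumption: a reserved quota larger than the maximum is a mistake.
            if maximum is not None and reserved > maximum:
                problems.append(f"{name}: {res} reserved {reserved} > maximum {maximum}")
        cpu = resources.get("cpu", {}).get("reserved", 0)
        cpu_total += cpu
        # Page rule: no profile may have a CPU value above the global target.
        if cpu_target is not None and cpu > cpu_target:
            problems.append(f"{name}: cpu {cpu}% exceeds CPU Target {cpu_target}%")
    # Assumption: "share" means the reserved CPU of all profiles fits the target.
    if cpu_target is not None and cpu_total > cpu_target:
        problems.append(f"total reserved cpu {cpu_total}% exceeds CPU Target {cpu_target}%")
    return problems

# Constructed sample plan (profile names and quotas are made up for illustration).
SAMPLE_PLAN = {
    "lsys_web": {"cpu": {"reserved": 30},
                 "flow-session": {"reserved": 1000, "maximum": 5000}},
    "lsys_db": {"cpu": {"reserved": 25},
                "policy": {"reserved": 200, "maximum": 100}},
    "lsys guest": {"cpu": {"reserved": 60}},
}

if __name__ == "__main__":
    for line in validate_plan(SAMPLE_PLAN, cpu_target=50):
        print(line)
```
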