    Example: Configuring Security Profiles for Logical Systems

    In this example, you configure security profiles for a logical system.

    Requirements

    This example uses the SRX Series devices running Junos OS with logical systems.

    Before you begin:

    Overview

    As master administrator, you can configure a single security profile to assign resources to a specific logical system. You can use the same security profile for more than one logical system, or use a mix of both methods.

    Configuration

    Configuring Logical System Security Profiles logical-system

    CLI Quick Configuration

    To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.

    set system security-profile p1 security-log-stream-number reserved 1
    set system security-profile p1 security-log-stream-number maximum 2
    set system security-profile p1 logical-system LSYS1

    Step-by-Step Procedure

    The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode in the Junos OS CLI User Guide.

    1. Configure a security profile and specify the reserved and maximum values for security-log-stream-number.
      [edit system]
      user@host# set security-profile p1 security-log-stream-number reserved 1
      user@host# set security-profile p1 security-log-stream-number maximum 2
    2. Assign the configured security profile to LSYS1.
      user@host# set security-profile p1 logical-system LSYS1

    Results

    From configuration mode, confirm your configuration by entering the show system security-profile command to see all security profiles configured.

    [edit]
    user@host# show system security-profile
    p1 {
        security-log-stream-number {
            maximum 2;
            reserved 1;
        }
        logical-system LSYS1;
    }

    Verification

    To confirm that the configuration is working properly, perform these tasks:

    Verifying Security Profile Resources for Logical Systems

    Purpose

    Verify the security resources for each logical system.

    Action

    From operational mode, enter the show system security-profile all-resource, show system security-profile security-log-stream-number logical-system all, show system security-profile security-log-stream-number summary, or show system security-profile security-log-stream-number detail logical-system all command to see the output:

    show system security-profile all-resource

    user@host> show system security-profile all-resource
    resource                                usage    reserved     maximum
    
    [logical system name:   root-logical-system] 
    [security profile name: Default-Profile] 
    address-book                                0           0         512
    auth-entry                                  0           0  2147483647
    cpu on CP                               0.00%       1.00%      80.00%
    cpu on SPU                              0.00%       1.00%      80.00%
    flow-gate                                   0           0      524288
    flow-session                                2           0     6291456
    nat-cone-binding                            0           0       65536
    nat-destination-pool                        0           0        4096
    nat-destination-rule                        0           0        8192
    nat-nopat-address                           0           0     1048576
    nat-pat-address                             0           0        2048
    nat-port-ol-ipnumber                        0           0           4
    nat-rule-referenced-prefix                  0           0     1048576
    nat-source-pool                             0           0        2048
    nat-source-rule                             0           0        8192
    nat-static-rule                             0           0       20480
    policy                                      0           0       40000
    policy-with-count                           0           0        1024
    scheduler                                   0           0          64
    zone                                        0           0         512

    Meaning

    The sample output displays information about the resources allocated to the logical system in a security profile. For each resource specified, the number used by the logical system and the configured maximum and reserved values are displayed.

    Verifying Security Log Stream Number for Logical Systems

    Purpose

    Verify the security-log-stream-number for each logical system.

    Action

    From operational mode, enter the show system security-profile security-log-stream-number logical-system all command to see the output:

    show system security-profile security-log-stream-number logical-system all

    user@host> show system security-profile security-log-stream-number logical-system all
    logical system name   security profile name       usage    reserved     maximum
    root-logical-system   Default-Profile                 1           0           3
    LSYS1                 sp1                             0           1           3
    LSYS2                 sp2                             1           0           3
    

    Meaning

    The sample output displays information about the resource allocated to each logical system, along with the security profile name. For each resource specified, the number used by the logical system and the configured maximum and reserved values are displayed.
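
    The table above can be checked automatically after a commit. The following is an added example, not part of the original Juniper documentation: it parses that output and reports logical systems that have reached their maximum or have no reserved log stream. The function names and finding labels are hypothetical, and it assumes that reserved is a guaranteed amount and maximum is an upper limit.

```python
import re

# Constructed sample: output of
# "show system security-profile security-log-stream-number logical-system all"
SAMPLE = """\
logical system name   security profile name       usage    reserved     maximum
root-logical-system   Default-Profile                 1           0           3
LSYS1                 sp1                             0           1           3
LSYS2                 sp2                             1           0           3
"""

# name, profile, then three integer columns; the header line does not match
ROW = re.compile(r"^\s*(\S+)\s+(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")


def parse_quota_table(text):
    """Return one dict per logical-system row (hypothetical helper)."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, blank line, or CLI prompt
        lsys, profile, usage, reserved, maximum = m.groups()
        rows.append({"lsys": lsys, "profile": profile, "usage": int(usage),
                     "reserved": int(reserved), "maximum": int(maximum)})
    return rows


def review(rows):
    """Return (logical system, finding) pairs worth an administrator's attention."""
    findings = []
    for r in rows:
        if r["usage"] >= r["maximum"]:
            # Assumption: at the cap, no further log stream can be added.
            findings.append((r["lsys"], "at maximum"))
        if r["reserved"] == 0:
            # Assumption: with nothing reserved, a stream is not guaranteed
            # once other logical systems consume the global quota.
            findings.append((r["lsys"], "no reserved quota"))
    return findings


if __name__ == "__main__":
    for lsys, finding in review(parse_quota_table(SAMPLE)):
        print(f"{lsys}: {finding}")
```
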

    Verifying Security Log Stream Number Summary for Logical Systems

    Purpose

    Verify the security-log-stream-number summary.

    Action

    From operational mode, enter the show system security-profile security-log-stream-number summary command to see the output:

    show system security-profile security-log-stream-number summary

    user@host> show system security-profile security-log-stream-number summary
    global used amount      : 0
    global maximum quota    : 32
    global available amount : 32
    total logical systems   : 1
    total security profiles : 0
    heaviest usage / user   : 0     / root-logical-system
    lightest usage / user   : 0     / root-logical-system
    

    Meaning

    The sample output displays the summary information about the resource for all logical systems.

    Verifying Security Log Stream Number Detail for Logical Systems

    Purpose

    Verify the security-log-stream-number detail.

    Action

    From operational mode, enter the show system security-profile security-log-stream-number detail logical-system all command to see the output:

    show system security-profile security-log-stream-number detail logical-system all

    user@host> show system security-profile security-log-stream-number detail logical-system all
    logical system name     : root-logical-system
    security profile name   : Default-Profile
    used amount             : 0
    reserved amount         : 0
    maximum quota           : 8
    
    logical system name     : lsys0
    security profile name   : lsys_profile
    used amount             : 0
    reserved amount         : 0
    maximum quota           : 8
    
    logical system name     : lsys1
    security profile name   : lsys_profile
    used amount             : 0
    reserved amount         : 0
    maximum quota           : 8
    
    logical system name     : lsys2
    security profile name   : lsys_profile
    used amount             : 0
    reserved amount         : 0
    maximum quota           : 8
    

    Meaning

    The sample output displays the detailed level of output for all logical systems.

     

    Modified: 2018-05-28