Related Documentation
- Additional Information
- Junos OS Feature Support Reference for SRX Series and J Series Devices
Example: Configuring Zones for a User Logical System
This example shows how to configure zones for a user logical system.
Requirements
Before you begin:
- Log in to the user logical system as the user logical system administrator. See User Logical System Configuration Overview.
- Use the show system security-profile zones command
to see the zone resources allocated to the logical system. See the Junos OS CLI Reference .
- Logical interfaces for the user logical system must be configured. See Example: Configuring Interfaces and Routing Instances for a User Logical System.
Overview
This example configures the ls-product-design user logical system shown in Example: Creating User Logical Systems, Their Administrators, Their Users, and an Interconnect Logical System.
This example creates the zones and address books described in Table 1.
Table 1: User Logical System Zone and Address Book Configuration
Feature | Name | Configuration Parameters |
|---|---|---|
Zones | ls-product-design-trust |
|
ls-product-design-untrust |
| |
Address books | product-design-internal |
|
product-design-external |
|
Configuration
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.
Step-by-Step Procedure
The following example requires you to navigate various levels
in the configuration hierarchy. For instructions on how to do that,
see Using the CLI Editor in Configuration Mode in the Junos OS CLI User Guide .
To configure zones in a user logical system:
- Log in to the user logical system as the logical system
administrator and enter configuration mode.lsdesignadmin1@host:ls-product-design> configurelsdesignadmin1@host:ls-product-design#
- Configure a security zone and assign it to an interface.[edit security zones]lsdesignadmin1@host:ls-product-design# set security-zone ls-product-design-trust interfaces ge-0/0/5.1
- Configure the TCP-Reset parameter for the zone.[edit security zones security-zone ls-product-design-trust]lsdesignadmin1@host:ls-product-design# set tcp-rst
- Configure a security zone and assign it to an interface.[edit security zones]lsdesignadmin1@host:ls-product-design# set security-zone ls-product-design-untrust interfaces lt-0/0/0.3
- Create global address book entries.[edit security]lsdesignadmin1@host:ls-product-design# set address-book product-design-internal address product-designers 12.1.1.0/24lsdesignadmin1@host:ls-product-design# set address-book product-design-external address marketing 13.1.1.0/24lsdesignadmin1@host:ls-product-design# set address-book product-design-external address accounting 14.1.1.0/24lsdesignadmin1@host:ls-product-design# set address-book product-design-external address others 12.12.1.0/24lsdesignadmin1@host:ls-product-design# set address-book product-design-external address-set otherlsys address marketinglsdesignadmin1@host:ls-product-design# set address-book product-design-external address-set otherlsys address accounting
- Attach address books to zones.[edit security]lsdesignadmin1@host:ls-product-design# set address-book product-design-internal attach zone ls-product-design-trustlsdesignadmin1@host:ls-product-design# set address-book product-design-external attach zone ls-product-design-untrust
Results
From configuration mode, confirm your configuration by entering the show security zones command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.
If you are done configuring the device, enter commit from configuration mode.
Related Documentation
- Additional Information
- Junos OS Feature Support Reference for SRX Series and J Series Devices
