Related Documentation
- SRX Series
- Example: Configuring User Logical Systems
- Understanding User Logical Systems and the User Logical System Administrator Role
- Additional Information
- Junos OS Feature Support Reference for SRX Series and J Series Devices

User Logical System Configuration Overview
When the master administrator creates a user logical system, he assigns a user logical system administrator to manage it. A user logical system can have multiple user logical system administrators.
As a user logical system administrator, you can access and view resources in your user logical system but not those of other user logical systems or the master logical system. You can configure resources allocated to your user logical system, but you cannot modify the numbers of allocated resources.
The following procedure lists the tasks that the user logical system administrator performs to configure resources in the user logical system:
Log in to the user logical system with the login and password configured by the master administrator:
- Telnet or SSH to the management IP address configured on the device. Log in to the user logical system with the administrator login and password provided by the master administrator.
You enter a UNIX shell in the user logical system configured by the master administrator.
- The presence of the > prompt indicates the CLI has started. The prompt is preceded by a string that contains your username, the hostname of the router, and the name of the user logical system. When the CLI starts, you are at the top level in operational mode. You enter configuration mode by entering the configure operational mode command. The CLI prompt changes from user@host: logical-system> to user@host: logical-system#.
To exit the CLI and return to the UNIX shell, enter the quit command. See the Junos OS CLI User Guide.
- Configure the logical interfaces assigned to the user logical system by the master administrator. Configure one or more routing instances and the routing protocols and options within each instance. See Example: Configuring Interfaces and Routing Instances for a User Logical System.
Configure security resources for the user logical system:
- Create zones for the user logical system and bind the logical interfaces to the zones. Address books can be created that are attached to zones for use in policies. See Example: Configuring Zones for a User Logical System.
- Configure screen options at the zone level. See Example: Configuring Screen Options for a User Logical System.
- Configure security policies between zones in the user logical system. See Example: Configuring Security Policies in a User Logical System.
Custom applications or application sets can be created for specific types of traffic. To create a custom application, use the application configuration statement at the [edit applications] hierarchy level. To create an application set, use the application-set configuration statement at the [edit applications] hierarchy level.
- Configure firewall authentication. The master administrator creates access profiles in the master logical system. See Example: Configuring Access Profiles.
The user logical system administrator creates one or more access profiles then configures a security policy that specifies firewall authentication for matching traffic and configures the type of authentication (pass-through or Web authentication), default access profile, and success banner. See Example: Configuring Firewall Authentication for a User Logical System.
- Configure a route-based VPN tunnel to secure traffic between a user logical system and a remote site. The master administrator assigns a secure tunnel interface to the user logical system and configures IKE and IPsec SAs for the VPN tunnel. See Example: Configuring IKE and IPsec SAs for a VPN Tunnel.
The user logical system administrator then configures a route-based VPN tunnel. See Example: Configuring a Route-Based VPN Tunnel in a User Logical System.
- Configure Network Address Translation (NAT). See Example: Configuring Network Address Translation for a User Logical System.
- Enable IDP. The master administrator configures IDP policies at the root level and specifies an IDP policy in the security profile that is bound to a logical system. See Example: Configuring an IDP Policy for a User Logical System.
The user logical system administrator then enables IDP in a security policy. See Example: Enabling IDP in a User Logical System Security Policy.
- Display or clear application system cache (ASC) entries. See Understanding Logical System Application Identification Services.
- Configure application firewall services on a user logical system. See Understanding Logical System Application Firewall Services and Example: Configuring Application Firewall Services for a User Logical System.
- Configure the AppTrack application tracking tool. See Example: Configuring AppTrack for a User Logical System.
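The zone, screen, custom application, and security policy steps above, written as configuration-mode commands entered at the user@host: logical-system# prompt. This is an added example, not taken from the Juniper documentation; the zone, screen, address-book, application, and policy names, the interface names ge-0/0/1.1 and ge-0/0/2.1, the 10.1.1.0/24 prefix, and port 8443 are all assumptions chosen for illustration.

```junos
# Bind logical interfaces (allocated by the master administrator) to zones.
# Interface names here are assumed placeholders.
set security zones security-zone ls-trust interfaces ge-0/0/1.1
set security zones security-zone ls-untrust interfaces ge-0/0/2.1

# Address book attached to a zone, for use in policies.
set security address-book ls-book address clients 10.1.1.0/24
set security address-book ls-book attach zone ls-trust

# Screen options, applied at the zone level on the untrusted side.
set security screen ids-option ls-screen icmp ping-death
set security screen ids-option ls-screen ip source-route-option
set security screen ids-option ls-screen tcp land
set security zones security-zone ls-untrust screen ls-screen

# Custom application at [edit applications]: TCP service on an assumed port.
set applications application ls-custom-8443 protocol tcp
set applications application ls-custom-8443 destination-port 8443

# Application set at [edit applications]: one predefined application
# plus the custom one, so the policy matches a single named set.
set applications application-set ls-web-apps application junos-https
set applications application-set ls-web-apps application ls-custom-8443

# Security policy between the two zones, limited to the address-book
# entry and the application set rather than any/any.
set security policies from-zone ls-trust to-zone ls-untrust policy permit-web match source-address clients
set security policies from-zone ls-trust to-zone ls-untrust policy permit-web match destination-address any
set security policies from-zone ls-trust to-zone ls-untrust policy permit-web match application ls-web-apps
set security policies from-zone ls-trust to-zone ls-untrust policy permit-web then permit

# Validate the candidate configuration before activating it.
commit check
commit
```

If the commit would exceed the resource counts allocated to the user logical system, the master administrator has to raise them, since the user logical system administrator cannot modify the numbers of allocated resources.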


