Predefined Configuration Templates
Contrail Service Orchestration (CSO) provides predefined configuration templates that you can access from the Configuration Templates page (Resources > Configuration Templates).
Predefined configuration templates are available for SRX Series, NFX150, and NFX250 devices:
Table 1 lists the predefined configuration templates for SRX Series and NFX Series (NFX150 and NFX250) devices.
Table 2 lists the predefined configuration templates for SRX Series Firewalls.
Table 3 lists the predefined configuration templates for NFX150 devices.
Table 4 lists the predefined configuration templates for NFX250 devices.
Name |
Description |
---|---|
common-banner |
Configure the banner that appears when you log in to an SRX or NFX Series device. |
common-disable-auto-negotiation |
Disable Ethernet autonegotiation on the interfaces of an SRX or NFX Series device. If you disable Ethernet autonegotiation, you must configure values for link mode and link speed when you deploy the template. |
common-dns |
Configure Domain Name System (DNS) server settings on an SRX or NFX Series device. |
common-firewall-filters |
Configure firewall filters that determine whether to allow or deny traffic before it enters or exits a port to which the firewall filter is applied. |
common-idp-sensor-packet-log |
Configure an SRX or NFX Series device for packet capture, by defining the amount of memory to be allocated for packet capture and the maximum number of sessions that can generate packet capture data for the device at a time. |
common-lacp |
Configure link aggregation control protocol (LACP) on an SRX or NFX Series device. |
common-local-user |
Configure a local user on an SRX or NFX Series device. |
common-nat-global-settings |
Configure network address translation (NAT) settings (such as pool utilization alarms, port randomization, and so on) on an SRX or NFX Series device. |
common-ntp |
Configure Network Time Protocol (NTP) settings on an SRX or NFX Series device. |
common-password-config |
Change the default password for a root user on an SRX or NFX Series device. |
common-pre-id-default-policy |
Configure the default policy action that occurs prior to dynamic application identification (AppID). During the initial policy lookup phase, which occurs prior to a dynamic application being identified, if there are multiple policies present in the potential policy list, an SRX or NFX Series device applies the default security policy until a more explicit match is found. |
common-sdwan-dhcprelay |
Configure extended DHCP relay and DHCPv6 relay options on an SRX or NFX Series device and enable the device to function as a DHCP relay agent. A DHCP relay agent forwards DHCP Request and DHCP Reply packets between a DHCP client and a DHCP server. |
common-service |
Configure the FTP, SSH, and NETCONF settings on an SRX or NFX Series device. |
common-snmp-config-basic |
Configure basic SNMP version 2 (SNMPv2) parameters on an SRX or NFX Series device. |
common-static-routes |
Configure static routes to be installed in the routing table for an SRX or NFX Series device. You can specify one or more routes within a single static statement, and you can specify one or more static options in the configuration. For more information, see static (Routing Options). |
common-syslog |
Configure syslog settings on an SRX or NFX Series device. |
common-Content Security-global |
Configure the routing instance, on an SRX or NFX Series device, through which the DNS server can be reached to resolve the Content Security Web filtering URL. |
Name |
Description |
---|---|
ngfw-ipsec-vpn |
Configure IPsec VPN settings for an SRX next-generation firewall (NGFW) device. |
srx-dhcp |
Configure an SRX Series Firewall as a Dynamic Host Configuration Protocol (DHCP) server. |
srx-dns |
Configure Domain Name System (DNS) server settings on an SRX Series Firewall. |
srx-hub-breakout-stage2-config |
Use this template to configure NAT on WAN links of provider hubs for breakout traffic. You can configure NAT on provider hubs with DATA_ONLY and OAM_AND_DATA capabilities. The configuration template can be applied per tenant provided, the tenant has at least one branch site connected to the provider hub configured for NAT. Note:
You can configure NAT using the template only on existing WAN links and not on additional WAN links later added by tenants. Interface-based source NAT is used as the tunnel in the NAT configuration template. |
srx-sdwan-dhcp-relay |
Configure extended DHCP relay and DHCPv6 relay options on an SRX Series Firewall and enable the device to function as a DHCP relay agent. A DHCP relay agent forwards DHCP Request and DHCP Reply packets between a DHCP client and a DHCP server. |
srx-sdwan-mgmnt |
Configure the SNMP version 3 (SNMPv3), NTP, syslog, and TACACS parameters for managing an SRX Series Firewall. For TACACS and SNMPv3 settings to work on the device on which you are deploying the configuration template, you must enable the Allow TACACS Access and Allow SNMP Access toggle buttons in the associated device template. |
srx-vrrp |
Configure virtual router redundancy protocol (VRRP) on an SRX Series Firewall. |
Name |
Description |
---|---|
nfx3-sdwan-mgmnt |
Configure the SNMPv3, NTP, syslog, and TACACS parameters for managing an NFX150 device. For TACACS and SNMPv3 settings to work on the device on which you are deploying the configuration template, you must enable the Allow TACACS Access and Allow SNMP Access toggle buttons in the associated device template. |
Name |
Description |
---|---|
nfx-cluster-sdwan-gwr-dhcprelay |
Configure extended DHCP relay and DHCPv6 relay options on an NFX250 cluster and enable the cluster to function as a DHCP relay agent. A DHCP relay agent forwards DHCP Request and DHCP Reply packets between a DHCP client and a DHCP server. |
nfx-sdwan-gwr-mgmnt |
Configure the SNMPv3, NTP, syslog, and TACACS parameters for managing the gateway router (vSRX Virtual Firewall) on an NFX250 device. For TACACS and SNMPv3 settings to work on the device on which you are deploying the configuration template, you must enable the Allow TACACS Access and Allow SNMP Access toggle buttons in the associated device template. |
nfx-sdwan-jcp-mgmnt |
Configure the SNMPv3, NTP, syslog, and TACACS parameters for managing the Junos Control Plane (JCP) component of an NFX250 device. For TACACS and SNMPv3 settings to work on the device on which you are deploying the configuration template, you must enable the Allow TACACS Access and Allow SNMP Access toggle buttons in the associated device template. |
nfx-sdwan-jdm-mgmnt |
Configure the SNMPv3, NTP, syslog, and TACACS parameters for managing the Juniper Device Manager (JDM) component of an NFX250 device. For TACACS and SNMPv3 settings to work on the device on which you are deploying the configuration template, you must enable the Allow TACACS Access and Allow SNMP Access toggle buttons in the associated device template. |