Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Add a Logical System

You are here: Device Administration > Multi Tenancy > Logical Systems.

To add a logical system:

  1. Click the add icon (+) on the upper right side of the Logical Systems page.

    The Create Logical Systems page appears.

  2. Complete the configuration according to the guidelines provided in Table 1.
  3. Click Finish to save the changes. If you want to discard your changes, click Cancel.
Table 1: Fields on the Add Logical Systems Page

Field

Description
General Details

Name

Enter a logical system name of a selected Resource Profile. Only one Resource Profile can be selected, per logical system.

The string must contain alphanumeric characters, colons, periods, dashes, and underscores. No spaces are allowed; maximum length is 63 characters.
Logical System Resource Profile

Click one:

  • Add icon (+)—Adds Resource Profiles.

  • Edit icon (/)—Edits the selected Resource Profiles.

  • Delete icon (X)—Deletes the selected Resource Profiles.

  • Search icon—Enables you to search a Resource Profile in the grid.

  • Filter icon —Enables you to filter the selected option in the grid.

  • Show Hide Column Filter icon—Enables you to show or hide a column in the grid.

Profile Name

Enter a name of the security profile.

The string must contain an alphanumeric character and can include underscores; no spaces allowed; 31 characters maximum.

IPS Policy

Select an IPS policy from the list.
Resource Allocation

Resource Name

Displays the resource name.

  • nat-pat-portnum—Specify the maximum quantity and the reserved quantity of ports for the logical system as part of its security profile.

  • dslite-softwire-initiator—Specify the number of IPv6 dual-stack lite (DS-Lite) softwire initiators that can connect to the softwire concentrator configured in either a user logical system or the primary logical system.

  • cpu—Specify the percentage of CPU utilization that is always available to a logical system.

  • appfw-rule—Specify the number of application firewall rule configurations that a primary administrator can configure for a primary logical system or user logical system when the security profile is bound to the logical systems.

  • nat-interface-port-ol—Specify the number of application firewall rule set configurations that a primary administrator can configure for a primary logical system or user logical system when the security profile is bound to the logical systems.

  • nat-rule-referenced-prefix—Specify the security NAT interface port overloading the quota of a logical system.

  • nat-port-ol-ipnumber—Specify the number of NAT port overloading IP number configurations that user logical system administrators and primary logical system administrators can configure for their logical systems if the security profile is bound to the logical systems.

  • nat-cone-binding—Specify the number of NAT cone binding configurations that user logical system administrators and primary logical system administrators can configure for their logical systems if the security profile is bound to the logical systems.

  • nat-static-rule—Specify the number of NAT static rule configurations that user logical system administrators and primary logical system administrators can configure for their logical systems if the security profile is bound to the logical systems.

  • nat-destination-rule—Specify the number of NAT destination rule configurations that user logical system administrators and primary logical system administrators can configure for their logical systems if the security profile is bound to the logical systems.

  • nat-source-rule—Specify the NAT source rule configurations that user logical system administrators and primary logical system administrators can configure for their logical systems if the security profile is bound to the logical systems.

  • nat-nopat-address—Specify the number of NAT without port address translation configurations that user logical system administrators and primary logical system administrators can configure for their logical systems if the security profile is bound to the logical systems.

  • nat-pat-address—Specify the number of NAT with port address translation (PAT) configurations that user logical system administrators and primary logical system administrators can configure for their logical systems if the security profile is bound to the logical systems.

  • nat-destination-pool—Specify the number of NAT destination pool configurations that user logical system administrators and primary logical system administrators can configure for their logical systems if the security profile is bound to the logical systems.

  • nat-source-pool—Specify the NAT source pool configurations that user logical system administrators and primary logical system administrators can configure for their logical systems if the security profile is bound to the logical systems.

  • flow-gate—Specify the number of flow gates, also known as pinholes that user logical system administrators and primary logical system administrators can configure for their logical systems if the security profile is bound to the logical systems.

  • flow-session—Specify the number of flow sessions that user logical system administrators and primary logical system administrators can configure for their logical systems if the security profile is bound to the logical systems.

  • policy—Specify the number of security policies with a count that user logical system administrators and primary logical system administrators can configure for their logical systems if the security profile is bound to the logical systems.

  • security-log-stream-number—Specify the Security log stream number quota of a logical system.

  • scheduler—Specify the number of schedulers that user logical system administrators and primary logical system administrators can configure for their logical systems if the security profile is bound to the logical systems.

  • zone—Specify the zones that user logical system administrators and primary logical system administrators can configure for their logical systems if the security profile is bound to the logical systems.

  • auth-entry—Specify the number of firewall authentication entries that user logical system administrators and primary logical system administrators can configure for their logical systems if the security profile is bound to the logical systems.

  • address-book—Specify the entries in the address book. Address book entries can include any combination of IPv4 addresses, IPv6 addresses, DNS names, wildcard addresses, and address range.

Range

Display range for each resource.

Edit

Select a resource and click on the pencil icon to edit Reserved and Maximum fields.

Reserved

Specify reserved quota that guarantees that the resource amount specified is always available to the logical system.

Maximum

Specify the maximum allowed quota.

IPS Max Sessions

Enter maximum number of sessions. Use up and down arrow keys to increase or decrease the number.
Users

Click one:

  • Add icon (+)—Create users.

  • Edit icon (/)—Edit the selected users.

  • Delete icon (X)—Delete the selected users.
Create-Edit users

Username

Enter a username.

Maximum length is 64 characters.

Role

  • Logical System Administrator

  • Read only Access User

    Note:

    LSYS Read Only user can only view the options but cannot modify them.

Password

Enter a password for the user which is more than 6 characters but less than 128 characters.

Confirm Password

Re-enter the new password to confirm.
Interfaces

Click One:

  • Enable/Disable —Enable or disable the physical interface.

  • Add icon (+)—Add logical interfaces.

  • Edit icon (/)—Edit the selected users.

  • Delete icon (X)—Delete the selected users.
Create-Edit logical interfaces
General

Physical Interface Name

Displays the name of the Physical Interface.

Logical Interface Unit

Enter the logical Interface Unit

Description

Enter the description.

VLAN ID

Enter the VLAN ID. VLAN ID is mandatory.
IPV4 Address

IPV4 Address

Click + and enter a valid IP address.

Subnet Mask

Enter a valid subnet mask.

Delete

Select the IPv4 address and click the delete icon to delete the address.
IPV6 Address

IPV6 Address

Enter a valid IP address.

Subnet Mask

Enter a valid subnet mask.

Delete

Select the IPv6 address and click the delete icon to delete the address.
Zones

Click One:

  • Add icon (+)—Create security zones.

  • Edit icon (/)—Edit the selected security zones.

  • Delete icon (X)—Delete the selected security zone.

  • Search icon—Search for a security zone.
Create-Edit Security Zones
General

Name

Enter a valid name of the zone.

Description

Enter a description of the zone.

Application Tracking

Enables the application tracking support.

Source Identity Log

Enable source identity log for this zone.
Interfaces

Select an interface from the Available column and move it to Selected column.

Selected interfaces

Displays the selected interfaces.

System Services

Select system services from the following options:

Note:

Select the Except check box to allow services other than the selected services.

  • all—Specify all system services.

  • any-service—Specify services on entire port range.

  • appqoe—Specify the APPQOE active probe service.

  • bootp—Specify the Bootp and dhcp relay agent service.

  • dhcp—Specify the Dynamic Host Configuration Protocol.

  • dhcpv6—Enable Dynamic Host Configuration Protocol for IPV6.

  • dns—Specify the DNS service.

  • finger—Specify the finger service.

  • ftp—Specify the FTP protocol.

  • http—Specify the web management using HTTP.

  • https—Specify the web management using HTTP secured by SSL.

  • ident-reset—Specify the send back TCP RST IDENT request for port 113.

  • ike—Specify the Internet key exchange.

  • lsping—Specify the Label Switched Path ping service.

  • netconf—Specify the NETCONF Service.

  • ntp—Specify the network time protocol service.

  • ping—Specify the internet control message protocol.

  • r2cp—Enable Radio-Router Control Protocol service.

  • reverse-ssh—Specify the reverse SSH Service.

  • reverse-telnet—Specify the reverse telnet Service.

  • rlogin—Specify the Rlogin service

  • rpm—Specify the Real-time performance monitoring.

  • rsh—Specify the Rsh service.

  • snmp—Specify the Simple Network Management Protocol Service.

  • snmp-trap—Specify the Simple Network Management Protocol trap.

  • ssh—Specify the SSH service.

  • tcp-encap—Specify the TCP encapsulation service.

  • telnet—Specify the Telnet service.

  • tftp—Specify the TFTP

  • traceroute—Specify the traceroute service.

  • webapi-clear-text—Specify the Webapi service using http.

  • webapi-ssl—Specify the Webapi service using HTTP secured by SSL.

  • xnm-clear-text—Specify the JUNOScript API for unencrypted traffic over TCP.

  • xnm-ssl—Specify the JUNOScript API Service over SSL.

Protocols

Select a protocol from the following options:

Note:

Select the Except check box to allow protocols other than the selected protocols.

  • bfd—Bidirectional Forwarding Detection.

  • bgp—Broder Gateway protocol.

  • dvmrp—Distance Vector Multicast Routing Protocol.

  • igmp—Internet group management protocol.

  • ldp— label Distribution Protocol.

  • msdp—Multicast source discovery protocol.

  • nhrp—Next Hop Resolution Protocol.

  • ospf—Open shortest path first.

  • ospf3—Open shortest path first version 3.

  • pgm—Pragmatic General Multicast.

  • pim—Protocol independent multicast.

  • rip—Routing information protocol.

  • ripng—Routing information protocol next generation.

  • router-discovery—Router Discovery.

  • rsvp—Resource reservation protocol.

  • sap—Session Announcement Protocol.

  • vrrp—Virtual Router redundancy protocol.

Traffic Control Options

Enable this option to send RST for NON-SYN packet not matching TCP session.

Related Documentation