security-profile
Syntax
security-profile {
profile name {
address-book (System) {
maximum maximum;
reserved reserved;
}
advanced-anti-malware-policy {
maximum maximum;
reserved reserved;
}
auth-entry {
maximum maximum;
reserved reserved;
}
cpu {
reserved percent;
}
dslite-softwire-initiator {
maximum maximum;
reserved reserved;
}
flow-gate {
maximum maximum;
reserved reserved;
}
flow-session {
maximum maximum;
reserved reserved;
}
icap-redirect-profile {
maximum maximum;
reserved reserved;
}
idp-policy idp-policy;
logical-system (System Security Profile) logical-system;
nat-cone-binding {
maximum maximum;
reserved reserved;
}
nat-destination-pool {
maximum maximum;
reserved reserved;
}
nat-destination-rule {
maximum maximum;
reserved reserved;
}
nat-interface-port-ol (System) {
maximum maximum;
reserved reserved;
}
nat-nopat-address {
maximum maximum;
reserved reserved;
}
nat-pat-address {
maximum maximum;
reserved reserved;
}
nat-pat-portnum {
maximum maximum;
reserved reserved;
}
nat-port-ol-ipnumber {
maximum maximum;
reserved reserved;
}
nat-rule-referenced-prefix (System) {
maximum maximum;
reserved reserved;
}
nat-source-pool {
maximum maximum;
reserved reserved;
}
nat-source-rule {
maximum maximum;
reserved reserved;
}
nat-static-rule {
maximum maximum;
reserved reserved;
}
policy (System Security Profile) {
maximum maximum;
reserved reserved;
}
policy-with-count {
maximum maximum;
reserved reserved;
}
root-logical-system;
scheduler (System Security Profile) {
maximum maximum;
reserved reserved;
}
secintel-policy {
maximum maximum;
reserved reserved;
}
secure-wire {
maximum maximum;
reserved reserved;
}
security-log-stream-number {
maximum maximum;
reserved reserved;
}
tenant tenant;
user-auth-entry {
maximum maximum;
reserved reserved;
}
vrf-group {
maximum maximum;
reserved reserved;
}
zone (System Security Profile) {
maximum maximum;
reserved reserved;
}
}
resources {
cpu-control;
cpu-control-target percent;
}
}
Hierarchy Level
[edit system], [edit tenants tenant-name]
Description
Create a security profile and specify the kinds and amounts of resources to allocate to a logical system to which the security profile is bound.
As a primary administrator, you can create a security profile and bind it to more than one logical system if you want to allocate the same kinds and amounts of resources to them. For details on how many security profiles you can create, see Understanding Logical Systems Security Profiles (Primary Administrators Only). When you reach the limit, you must delete a security profile and commit the configuration before you can create and commit the configuration for another security profile.
Only the primary administrator can create security profiles.
Options
| profile-name | Name of the security profile. |
| resources | Name of the resources. |
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 11.2.
The dslite-softwire-initiator option introduced in Junos OS Release 12.1.
The security-profile option added under the tenants hierarchy in Junos OS
Release 18.3R1.
The icap redirect profile option is introduced in Junos OS Release 18.3R1.
secure-wire option introduced in Junos OS Release
19.3R1.