Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Announcement: Try the Ask AI chatbot for answers to your technical questions about Juniper products and solutions.

close

external-header-nav

J-Web User Guide for SRX Series Firewalls

keyboard_arrow_up

close

keyboard_arrow_left

Table of Contents Expand all

play_arrow Juniper Web Device Manager
- play_arrow Getting Started
play_arrow Add SRX Series Firewall to Security Director Cloud
- Add an SRX Series Firewall to Juniper Security Director Cloud
play_arrow Dashboard
- play_arrow J-Web Dashboard
  - Dashboard Overview
play_arrow Monitor
- play_arrow Network
- play_arrow Logs
- play_arrow Maps and Charts
- play_arrow Statistics
- play_arrow Reports
  - About Reports Page
play_arrow Device Administration
- play_arrow Basic Settings
  - Configure Basic Settings
- play_arrow Cluster Management
  - Configure Cluster (HA) Setup
  - About the Cluster Configuration Page
  - Edit Node Settings
  - Add an HA Cluster Interface
  - Edit an HA Cluster Interface
  - Delete an HA Cluster Interface
  - Add a Redundancy Group
  - Edit a Redundancy Group
  - Delete a Redundancy Group
- play_arrow User & Roles
  - About the Users Page
  - Create a User
  - Edit a User
  - Delete a User
  - About the Roles Page
  - Create a Role
  - Edit a Role
  - Delete a User
- play_arrow Multi Tenancy—Resource Profiles
  - About the Resource Profiles Page
  - Global Settings
  - Add a Resource Profile
  - Edit a Resource Profile
  - Delete a Resource Profile
- play_arrow Multi Tenancy—Interconnect Ports
  - About the Interconnect Ports Page
  - Add a LT Logical Interface
  - Edit a LT Logical Interface
  - Delete a Logical Interface
  - Search for Text in an Interconnect Ports Table
- play_arrow Multi Tenancy—Logical Systems
  - About the Logical Systems Page
  - Add a Logical System
  - Edit a Logical System
  - Delete a Logical System
  - Search Text in Logical Systems Table
- play_arrow Multi Tenancy—Tenants
  - About the Tenants Page
  - Add a Tenant
  - Edit a Tenant
  - Delete a Tenant
  - Search Text in Tenants Table
- play_arrow Certificate Management—Device Certificates
  - About the Device Certificates Page
  - Import a Device Certificate
  - Export a Device Certificate
  - Add a Device Certificate
  - Delete a Device Certificate
  - View Details of a Device Certificate
  - Search Text in the Device Certificates Table
- play_arrow Certificate Management—Trusted Certificate Authority
  - About the Trusted Certificate Authority Page
  - Generate Default Trusted Certificate Authorities
  - Enroll a CA Certificate
  - Import a CA Certificate
  - Add a Certificate Authority Profile
  - Edit a Certificate Authority Profile
  - Delete a Certificate Authority Profile
  - Search Text in the Trusted Certificate Authority Table
- play_arrow Certificate Management—Certificate Authority Group
  - About the Certificate Authority Group Page
  - Import a Trusted CA Group
  - Add a CA Group
  - Edit a CA Group
  - Delete a CA Group
  - Search Text in the Certificate Authority Group Table
- play_arrow License Management
  - Manage Your Licenses
- play_arrow Security Package Management
  - About the Security Package Management Page
  - Install or Upload IPS Signatures Package
  - IPS Signatures Settings
  - Install Application Signatures Package
  - Application Signatures Settings
  - Install URL Category Package
  - URL Categories Settings
- play_arrow ATP Management
  - Enroll Your Device with Juniper ATP Cloud
  - About the Diagnostics Page
- play_arrow Operations
  - Maintain Files
  - Maintain Reboot Schedule
  - Maintain System Snapshots
- play_arrow Software Management
  - Upload Software Packages
  - Install Software Packages
  - Rollback Software Package Version
- play_arrow Configuration Management
  - Manage Upload Configuration Files
  - Manage Configuration History
  - Manage Rescue Configuration
- play_arrow Alarm Management
  - Monitor Chassis Alarm
  - Monitor System Alarm
- play_arrow RPM
  - Setup RPM
  - View RPM
- play_arrow Tools
  - Troubleshoot Ping Host
  - Troubleshoot Ping MPLS
  - Troubleshoot Traceroute
  - Troubleshoot Packet Capture
  - Access CLI
  - View CLI Configuration
  - Edit CLI Configuration
  - Point and Click CLI
- play_arrow Reset Configuration
  - Reset Configuration and Rerun Setup Wizard
play_arrow Network
- play_arrow Connectivity—Interfaces
  - About the Interfaces Page
  - Add a Logical Interface
  - Edit an Interface
  - Delete a Logical Interface
- play_arrow Connectivity—VLAN
  - About the VLAN Page
  - Add a VLAN
  - Edit a VLAN
  - Delete a VLAN
  - Assign an Interface to VLAN
- play_arrow Connectivity—Link Aggregation
  - About the Link Aggregation Page
  - Link Aggregation Global Settings
  - Add a Logical Interface to Link Aggregation
  - Add a Link Aggregation
  - Edit an Aggregated Interface
  - Delete Link Aggregation
  - Search for Text in the Link Aggregation Table
- play_arrow Connectivity—Wireless LAN
  - About the Settings Page
  - Create an Access Point
  - Edit an Access Point
  - Delete an Access Point
  - Create an Access Point Radio Setting
  - Edit an Access Point Radio Setting
  - Delete an Access Point Radio Settings
- play_arrow DHCP Client
  - About the DHCP Client Page
  - Add DHCP Client Information
  - Delete DHCP Client Information
- play_arrow DHCP Server
  - About the DHCP Server Page
  - Add a DHCP Pool
  - Edit a DHCP Pool
  - Delete a DHCP Pool
  - DHCP Groups Global Settings
  - Add a DHCP Group
  - Edit a DHCP Group
  - Delete a DHCP Group
- play_arrow Firewall Filters—IPv4
  - About the IPv4 Page
  - Add IPv4 Firewall Filters
- play_arrow Firewall Filters—IPv6
  - About the IPv6 Page
  - Add IPv6 Firewall Filters
- play_arrow Firewall Filters—Assign to Interfaces
  - About the Assign to Interfaces Page
- play_arrow NAT Policies
  - About the NAT Policies Page
  - Create a Source NAT
  - Edit a Source NAT
  - Delete a Source NAT
- play_arrow NAT Pools
  - About the NAT Pools Page
  - Global Options
  - Create a Source NAT Pool
  - Edit a Source NAT Pool
  - Delete a Source NAT Pool
  - Add a Destination NAT Pool
  - Edit a Destination NAT Pool
  - Delete a Destination NAT Pool
- play_arrow Destination NAT
  - About the Destination Page
  - Add a Destination Rule Set
  - Edit a Destination Rule Set
  - Delete a Destination Rule Set
- play_arrow Static NAT
  - About the Static Page
  - Add a Static Rule Set
  - Edit a Static Rule Set
  - Delete a Static Rule Set
- play_arrow NAT Proxy ARP/ND
  - About the Proxy ARP/ND Page
  - Add a Proxy ARP
  - Edit a Proxy ARP
  - Delete a Proxy ARP
  - Add a Proxy ND
  - Edit a Proxy ND
  - Delete a Proxy ND
- play_arrow Static Routing
  - About the Static Routing Page
  - Add a Static Route
  - Edit a Static Route
  - Delete a Static Route
- play_arrow RIP Routing
  - About the RIP Page
  - Add a RIP Instance
  - Edit a RIP Instance
  - Delete a RIP Instance
  - Edit RIP Global Settings
  - Delete RIP Global Settings
- play_arrow OSPF Routing
  - About the OSPF Page
  - Add an OSPF
  - Edit an OSPF
  - Delete an OSPF
- play_arrow BGP Routing
  - About the BGP Page
  - Add a BGP Group
  - Edit a BGP Group
  - Delete a BGP Group
  - Edit Global Information
- play_arrow Routing Instances
  - About the Routing Instances Page
  - Add a Routing Instance
  - Edit a Routing Instance
  - Delete a Routing Instance
- play_arrow Routing—Policies
  - About the Policies Page
  - Global Options
  - Add a Policy
  - Clone a Policy
  - Edit a Policy
  - Delete a Policy
  - Test a Policy
- play_arrow Routing—Forwarding Mode
  - About the Forwarding Mode Page
- play_arrow CoS—Value Aliases
  - About the Value Aliases Page
  - Add a Code Point Alias
  - Edit a Code Point Alias
  - Delete a Code Point Alias
- play_arrow CoS—Forwarding Classes
  - About the Forwarding Classes Page
  - Add a Forwarding Class
  - Edit a Forwarding Class
  - Delete a Forwarding Class
- play_arrow CoS Classifiers
  - About the Classifiers Page
  - Add a Classifier
  - Edit a Classifier
  - Delete a Classifier
- play_arrow CoS—Rewrite Rules
  - About the Rewrite Rules Page
  - Add a Rewrite Rule
  - Edit a Rewrite Rule
  - Delete a Rewrite Rule
- play_arrow CoS—Schedulers
  - About the Schedulers Page
  - Add a Scheduler
  - Edit a Scheduler
  - Delete a Scheduler
- play_arrow CoS—Scheduler Maps
  - About the Scheduler Maps Page
  - Add a Scheduler Map
  - Edit a Scheduler Map
  - Delete a Scheduler Map
- play_arrow CoS—Drop Profile
  - About the Drop Profile Page
  - Add a Drop Profile
  - Edit a Drop Profile
  - Delete a Drop Profile
- play_arrow CoS—Virtual Channel Groups
  - About the Virtual Channel Groups Page
  - Add a Virtual Channel
  - Edit a Virtual Channel
  - Delete a Virtual Channel
- play_arrow CoS—Assign To Interface
  - About the Assign To Interface Page
  - Edit a Port
  - Add a Logical Interface
  - Edit a Logical Interface
  - Delete a Logical Interface
- play_arrow Application QoS
  - About the Application QoS Page
  - Add an Application QoS Profile
  - Edit an Application QoS Profile
  - Clone an Application QoS Profile
  - Delete an Application QoS Profile
  - Add a Rate Limiter Profile
  - Edit a Rate Limiter Profile
  - Clone a Rate Limiter Profile
  - Delete a Rate Limiter Profile
- play_arrow IPsec VPN
  - About the IPsec VPN Page
  - IPsec VPN Global Settings
  - Create a Site-to-Site VPN
  - Create a Remote Access VPN—Juniper Secure Connect
  - Create a Remote Access VPN—NCP Exclusive Client
  - Edit an IPsec VPN
  - Delete an IPsec VPN
- play_arrow Manual Key VPN
  - About the Manual Key VPN Page
  - Add a Manual Key VPN
  - Edit a Manual Key VPN
  - Delete a Manual Key VPN
- play_arrow Dynamic VPN
  - About the Dynamic VPN Page
  - Global Settings
  - IPsec Template
  - Add a Dynamic VPN
  - Edit a Dynamic VPN
  - Delete a Dynamic VPN
play_arrow Security Policies and Objects
- play_arrow Security Policies
- play_arrow Metadata Streaming Policy
- play_arrow Zones/Screens
- play_arrow Zone Addresses
- play_arrow Global Addresses
- play_arrow Services
- play_arrow Dynamic Applications
- play_arrow Application Tracking
  - About the Application Tracking Page
- play_arrow Schedules
- play_arrow Proxy Profiles
play_arrow Security Services
- play_arrow Content Security Default Configuration
  - About the Default Configuration Page
  - Edit a Default Configuration
  - Delete a Default Configuration
- play_arrow Content Security Antivirus Profiles
  - About the Antivirus Profiles Page
  - Add an Antivirus Profile
  - Clone an Antivirus Profile
  - Edit an Antivirus Profile
  - Delete an Antivirus Profile
  - Prevent Virus Attacks by Using J-Web Content Security Antivirus
- play_arrow Content Security Web Filtering Profiles
  - About the Web Filtering Profiles Page
  - Add a Web Filtering Profile
  - Clone a Web Filtering Profile
  - Edit a Web Filtering Profile
  - Delete a Web Filtering Profile
  - Allow or Block Websites by Using J-Web Integrated Content Security Web Filtering
- play_arrow Content Security Antispam Profiles
  - About the Antispam Profiles Page
  - Add an Antispam Profile
  - Clone an Antispam Profile
  - Edit an Antispam Profile
  - Delete an Antispam Profile
- play_arrow Content Security Content Filtering Profiles
  - About the Content Filtering Profiles Page
  - Add a Content Filtering Profile
  - Clone a Content Filtering Profile
  - Edit a Content Filtering Profile
  - Delete a Content Filtering Profile
- play_arrow Content Security Custom Objects
  - About the Custom Objects Page
  - Add a MIME Pattern List
  - Add a File Extension List
  - Add a Protocol Command List
  - Add a URL Pattern List
  - Add a URL Category List
  - Add a Custom Message List
  - Clone Custom Objects
  - Edit Custom Objects
  - Delete Custom Objects
- play_arrow Content Security Policies
  - About the Content Security Policies Page
  - Create a Content Security Policy
  - Clone a Content Security Policy
  - Edit a Content Security Policy
  - Delete a Content Security Policy
- play_arrow IPS Policies
  - About the IPS Policies Page
  - Import IPS Predefined Policies
  - Add an IPS Policy
  - Clone an IPS Policy
  - Edit an IPS Policy
  - Delete an IPS Policy
  - Add Rules to an IPS Policy
  - Edit an IPS Policy Rule
  - Delete an IPS Policy Rule
- play_arrow IPS Signatures
  - About the IPS Signatures Page
  - Import Snort Rules
  - Create a Custom IPS Signature
  - Create IPS Signature Static Groups
  - Create IPS Signature Dynamic Group
  - Clone an IPS Signature
  - Edit an IPS Signature
  - Delete an IPS Signature
- play_arrow IPS Sensor
  - About the Sensor Page
- play_arrow ALG
  - About the ALG Page
- play_arrow Metadata Streaming Profile
  - About the Metadata Streaming Profile Page
  - Configure DNS Filter
  - Create a Metadata Streaming Profile
  - Edit a Metadata Streaming Profile
  - Delete a Metadata Streaming Profile
- play_arrow ATP Anti-malware
  - About the Anti-malware Page
  - Create an Anti-malware Profile
  - Edit an Anti-malware Profile
  - Delete an Anti-malware Profile
- play_arrow ATP SecIntel Profiles
  - About the SecIntel Profiles Page
  - Configure DNS Sinkhole
  - Create a Command and Control Profile
  - Edit a Command and Control Profile
  - Delete a Command and Control Profile
  - Create a DNS Profile
  - Edit a DNS Profile
  - Delete a DNS Profile
  - Create an Infected Hosts Profile
  - Edit an Infected Hosts Profile
  - Delete an Infected Hosts Profile
- play_arrow ATP SecIntel Profile Groups
  - About the SecIntel Profile Groups Page
  - Create a SecIntel Profile Group
  - Edit a SecIntel Profile Group
  - Delete a SecIntel Profile Group
- play_arrow SSL Initiation Profiles
  - About the SSL Initiation Profile Page
  - Add an SSL Initiation Profile
  - Edit an SSL Initiation Profile
  - Delete SSL Initiation Profile
- play_arrow SSL Proxy Profiles
  - About the SSL Proxy Page
  - Add an SSL Proxy Profile
  - Clone an SSL Proxy Profile
  - Edit an SSL Proxy Profile
  - Delete a SSL Proxy Profile
- play_arrow Firewall Authentication—Access Profile
  - About the Access Profile Page
  - Add an Access Profile
  - Edit an Access Profile
  - Delete an Access Profile
- play_arrow Firewall Authentication—Address Pools
  - About the Address Pools Page
  - Add an Address Pool
  - Edit an Address Pool
  - Delete Address Pool
  - Search for Text in an Address Pools Table
- play_arrow Firewall Authentication Settings
  - About the Authentication Settings Page
- play_arrow Firewall Authentication—UAC Settings
  - About the UAC Settings Page
- play_arrow Firewall Authentication—Active Directory
  - About the Active Directory Page
- play_arrow Firewall Authentication—Local Authentication
  - About the Local Authentication Page
  - Add a Local Authentication Entry
  - Delete a Local Authentication Entry
- play_arrow Firewall Authentication—Authentication Priority
  - About the Authentication Priority Page
- play_arrow Firewall Authentication—JIMS
  - About the Juniper Identity Management Service Page
  - Add a Juniper Identity Management Service Profile
  - Edit a Juniper Identity Management Service Profile
  - Delete a Juniper Identity Management Service Profile
- play_arrow ICAP Redirect
  - About the ICAP Redirect Profile Page
  - Add an ICAP Redirect Profile
  - Edit an ICAP Redirect Profile
  - Delete ICAP Redirect Profile

list Table of Contents

English

keyboard_arrow_right

Create a Role

date_range 26-Jun-23

arrow_backward

arrow_forward

You are here: Device Administration > Users & Roles > Roles.

To create a role:

Click the add icon (+) on the upper right side of the Roles page.
The Create Role page appears.
Complete the configuration according to the guidelines provided in Table 1.
Click OK to save the newly added role. If you want to discard your changes, click Cancel.
After you create roles, go to Device Administration > Users & Roles > Users and assign them to users.

Table 1: Fields on the Create Role Page
Field	Action
Name	Enter a unique string that consists of alphanumeric characters, hyphens, and underscores; 64-character maximum.
Role scope	Note: This option is only available on the SRX Series Firewalls that support multi-tenancy. Select the scope of the role: Default—Creates the role to root logical systems. Tenant—Creates the role to tenant profiles. Logical System—Creates the role to logical system profiles.
Tenant	Select the tenant profile from the list for which you want to assign the role. Note: This option is only available if you select Tenant in the Role scope.
Logical System	Select the logical system profile from the list for which you want to assign the role. Note: This option is only available if you select Logical System in the Role scope.
Access Privileges	Select one or more privilege types (Full Access, Read-Only Access, or No Access) to assign the role for the specified actions and menus. A role must have at least one access privilege. Note: By default, Full Access privilege is selected. You can select: Read-Only Access if you want to assign the access permissions as read-only. No Access if you do not want to assign any access permissions.

arrow_backward PREVIOUS About the Roles Page

NEXT arrow_forward Edit a Role