Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Create a Logical System

You can add logical systems in bulk or add individual logical system at a time.

Add Logical Systems in Bulk

To add logical systems in bulk:

  1. Select Devices > Security Devices.

    The Security Devices page is displayed.

  2. Select a root device, right-click and select Create Logical System.

    The Create Logical System (LSYS) page is displayed.

  3. Click Add Bulk LSYS.

    The Add Bulk Logical System (LSYS) page is displayed.

  4. Complete the configuration according to the guidelines given in Table 1.
  5. Click Add.

    The Create Logical System (LSYS) page is displayed. Review the logical system details.

  6. Select the logical system and click the pencil icon to modify the details, if required.

    You can also provide the user class and interface for logical systems. Logical System configuration parameters cannot be edited after you click Preview Configuration or Create.

  7. Click Create to create the logical system.

    The Job Details page is displayed with update logical system device job and its status.

  8. Click OK.

    If the job is successful, the logical system is created and displayed in the Security Devices page. The root device name is displayed beside the logical system device name. You can click on the logical system device name link to see the root device details.

Add Individual Logical System at a Time

Alternatively, you can create individual logical systems at a time. To create individual logical system at a time:

  1. Select Devices > Security Devices.

    The Security Devices page is displayed.

  2. Select a root device, right-click and select Create Logical System.

    The Create Logical System (LSYS) page is displayed.

  3. Click the + icon.

    The Create Logical System (LSYS) page is displayed.

  4. Complete the configuration according to the guidelines given in Table 1.
  5. Click Add.

    The Create Logical System (LSYS) page is displayed. Review the logical system details.

  6. Select the logical system and click the pencil icon to modify the details, if required.

    Logical System configuration parameters cannot be edited after you click Preview Configuration or Create.

  7. Click Create to create the logical system.

    The Job Details page is displayed with update logical system device job and its status.

  8. Click OK.

    If the job is successful, the created logical system is displayed in the Security Devices page. The name of the root device is displayed beside the logical system device name. You can click on the root device name to see the root device details.

Table 1: Add Bulk Logical System

Parameters

Description

Logical System Name

A logical system name can be a maximum of 63 characters and can include alphanumeric characters, dashes, and underscores.

Number of LSYS(s)

Select the number of logical systems that you want to create.

You can create a maximum of 31 logical systems.

Note:

The logical system name uses the number as prefix for the selected count. You can review the details of the logical system and modify the name, if required.

Routing Instance Name

Enter the routing instance name. A routing instance system name can be a maximum of 63 characters and can include alphanumeric characters and dashes.

Routing Instance Type

Select the routing instance type from the list.

Security Profiles

To distribute security resources across logical systems, you can create security profiles that specify the type and amount of resources to be allocated. You can create security profile and bind it to more than one logical system, if you want to allocate the same type and amount of resources to them.

When a device is discovered in Security Director for the first time, you can see the list of security profiles, if any, while creating a logical system. Alternatively, you can create security profiles in Security Director.

A security profile is mandatory to create a Logical system. Each security profile contains resources with a range based on the devices. You can manage the resources by allocating reserved and maximum values.

Select a security profile, which will be bound to the logical system.

To create a security profile:

  1. Click the + icon.

    The Create Security Profile page is displayed.

  2. Complete the configuration according to the guidelines given in Table 2.

  3. Click Save.

    The Job Details page is displayed with the status of update security profile job. If the job is successful, the security profile is created.

To edit the security profile, select a security profile and click the pencil icon.

Note:

You can configure up to 32 security profiles on an SRX Series device running logical systems. When you reach the limit, you can delete the empty profiles. If you want to delete a profile which is assigned to a logical system, then first assign some other profile to the logical system and then delete the profile. Otherwise, you cannot delete a profile and commit fails on the device.

User Class Details

Select a user class. Each user is assigned to a class, which defines the user permissions.

Note:

User class details section is available only when you create an individual logical system at a time. When you create a logical system in bulk, you can provide the user class when you edit the logical system as mentioned in 6 in Add Logical Systems in Bulk.

Assign Interfaces

Select an interface.

To add logical interface:

  1. Click Add Logical Interface.

    The corresponding logical interfaces page is displayed.

  2. Click the + icon.

    The Add Logical Interface page is displayed.

  3. Enter the following details:

    • Logical Interface Unit—Enter the name of the logical interface, which must be a number from 0 through 2147483647.

    • Description—Enter a valid description for logical interface. The maximum limit is 255 characters.

    • VLAN ID—Select the VLAN ID. If the VLAN tagging is enabled, then the VLAN ID is mandatory.

    • IPv4 address—Enter the IPv4 address and the subnet mask.

    • IPv6 address—Enter the IPv6 address and the subnet mask.

Note:

User class details section is available only when you create individual logical system at a time. When you create logical systems in bulk, you can provide the user class when you edit the logical system as mentioned in 6 in Add Logical Systems in Bulk.
Table 2: Security Profile

Parameters

Description

General Settings

Security Profile Name

Enter a valid unique name. The name must contain only letters and numbers. Note that the security profile name must be unique for the selected root device.

Resource Allocation

Select the type of resource and allocate the reserved and maximum value for the selected resource.

Each security profile contains resources with a range based on the devices. You can manage the resources by allocating reserved and maximum values.

Reserved

It guarantees that the specified resource is always available to the logical system. If a reserved quota is not configured for a resource, the default value is 0.

Maximum

If a logical system requires more resource than reserved amount allows, it can utilize resources configured for the global maximum amount if they are available—if they are not allocated to other logical systems. The maximum allowed quota specifies the portion of the free global resources that the logical system can use. The maximum allowed quota does not guarantee that the amount specified for the resource in the security profile is available.

If a maximum allowed quota is not configured for a resource, the global system quota for the resource is used as a default value. Global system quotas are platform-dependent.

Related Documentation