SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Logical system policies limitations in SRX5400

    Posted 03-21-2018 08:44

    Can anyone please tell me how many security policies, NAT rules, and zones can be reserved for a logical system? Are there any limitations?

     

    Thanks in advance



  • 2.  RE: Logical system policies limitations in SRX5400

    Posted 03-21-2018 09:13

    The limit is the total number of policies, NAT and zones on the SRX.

     

    The master administrator can configure a security profile for the master logical system that specifies the maximum and reserved numbers of security policies applied to the master logical system. The number of policies configured in the master logical system counts toward the maximum number of policies available on the device.

     

    https://www.juniper.net/documentation/en_US/junos/topics/concept/logical-system-security-policy-understanding.html

    The master administrator configures the maximum and reserved numbers of security policies for each user logical system. The user logical system administrator can then create security policies in the user logical system. From a user logical system, the user logical system administrator can use the show system security-profile policy command to view the number of security policies allocated to the user logical system.

                   


     

    Regards

    Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too

     



  • 3.  RE: Logical system policies limitations in SRX5400
    Best Answer

     
    Posted 03-22-2018 00:02

    There is no limit specific to a logical system. You can even assign all resources to the logical system.

     

    [edit]
    root# run show log nsd_chk_only | match "Max Policy"
            Max Policy                  = 80000
            Max Policy Context          = 8192
            Max Policy per Context      = 80000 =====> Maximum policy supported on device

    [edit]
    root# set system security-profile TEST policy maximum ?
    Possible completions:
      <maximum>            Maximum allowed quota (0..80000) =====> Maximum policy can be allocated to logical system
    [edit]
    root#
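
The following is an added example, not part of any post in this thread: a pre-commit check that reads the device-wide "Max Policy" value from the log output quoted above and compares it with the policy quotas in a set of security-profile statements. The profile SMALL, the LSYS* names, the quota values, and the rule that a reserved quota is set aside once for every logical system bound to a profile are assumptions made for illustration.

```python
import re
# Constructed sample input; profile SMALL and the LSYS* names are hypothetical.
NSD_LOG = """\
        Max Policy                  = 80000
        Max Policy Context          = 8192
"""
CONFIG = """\
set system security-profile TEST policy maximum 80000
set system security-profile TEST policy reserved 30000
set system security-profile TEST logical-system LSYS1
set system security-profile SMALL policy maximum 60000
set system security-profile SMALL policy reserved 30000
set system security-profile SMALL logical-system LSYS2
set system security-profile SMALL logical-system LSYS3
"""
PAT = re.compile(r"set system security-profile (\S+) "
                 r"(?:policy (maximum|reserved) (\d+)|logical-system (\S+))")

def device_policy_limit(log_text):
    """Read the device-wide policy ceiling ("Max Policy") from the log text."""
    m = re.search(r"^\s*Max Policy\s*=\s*(\d+)", log_text, re.M)
    if not m:
        raise ValueError("no 'Max Policy' line found")
    return int(m.group(1))

def parse_profiles(config_text):
    """Return {profile: {"maximum": int|None, "reserved": int, "lsys": [names]}}."""
    profiles = {}
    for line in config_text.splitlines():
        m = PAT.match(line.strip())
        if not m:
            continue
        p = profiles.setdefault(m.group(1), {"maximum": None, "reserved": 0, "lsys": []})
        if m.group(2):
            p[m.group(2)] = int(m.group(3))
        else:
            p["lsys"].append(m.group(4))
    return profiles

def audit(config_text, log_text):
    """Assumption: a reserved quota is set aside once per bound logical system."""
    limit = device_policy_limit(log_text)
    profiles = parse_profiles(config_text)
    findings = [f"{n}: maximum {p['maximum']} exceeds device limit {limit}"
                for n, p in sorted(profiles.items()) if (p["maximum"] or 0) > limit]
    reserved = sum(p["reserved"] * len(p["lsys"]) for p in profiles.values())
    if reserved > limit:
        findings.append(f"total reserved {reserved} exceeds device limit {limit}")
    return findings
```

With the constructed input, each profile's maximum is within the device limit, but the reservations for three logical systems add up to more than the device can guarantee, which is the condition worth catching before assigning quotas.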