Configuring ScreenOS Devices Guide
For more information about configuring authentication users on security devices, refer
to the Concepts & Examples ScreenOS Reference Guide: Fundamentals.
Related Documentation
L2TP and Xauth Local Users Configuration Overview on page 247
Vsys Configurations in NSM Overview on page 250
Configuring L2TP Local Users (NSM Procedure) on page 247
Vsys Configurations in NSM Overview
A vsys is a virtual system that exists within a physical security device. By logically
partitioning a single, physical security device into multiple virtual systems (each in its
own domain), you can provide secure multitenant services. The physical device (known
as the "root" device) shares some settings across all vsys, but each vsys also has its own
unique settings. To enable the physical device to correctly route traffic to the appropriate
vsys device, you must use VLAN tags at the vsys level or IP classification at the root level.
To add a vsys to the NSM system, you must first add a physical device that can contain
vsys devices (NetScreen-500, 5000 line, ISG1000, and ISG2000 security devices support
vsys), and then add each vsys to the physical device. An NSM administrator with full
device configuration permissions can see both the root and vsys devices in a domain, but
an administrator with only vsys permissions can see only the vsys devices in a domain.
To create a secure, multi-tenant system, place the root device in the global domain and
each vsys device in its own domain, and then assign vsys administrators to manage
each domain. For details on adding a vsys, see "Adding Vsys Devices" in the Network and
Security Manager Administration Guide.
After you have added or modeled a new root device and vsys to the NSM system, you
must configure the vsys interfaces and subinterfaces, and any shared virtual routers and
shared security zones on the root device. When importing an existing root device and
vsys, NSM automatically imports the existing root and vsys settings from each device
(physical and virtual).
The NetScreen 5000 line of security devices running ScreenOS 5.0 L2V also supports
vsys transparent mode, also known as Layer 2 vsys, or L2V vsys. To create an L2V vsys,
when modeling the root device into NSM, ensure that the mode is set to Transparent (for
imported devices, you must enable Transparent mode on the physical device using the
Web UI or CLI).
For more information about vsys, refer to the Concepts & Examples ScreenOS Reference
Guide: Virtual Systems. For more information about how to configure transparent vsys,
refer to the Juniper Networks New Features Guide for ScreenOS 5.0-L2V software.
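The following Python code is an added example, not part of the Juniper guide and not an NSM interface. It audits a constructed device inventory against the layout described above (root device in the global domain, each vsys in its own domain, vsys only on supported platforms, Transparent mode on the root for an L2V vsys) and shows which devices each kind of administrator sees; all field names and values are hypothetical.

```python
from collections import Counter

# NetScreen-5200/5400 stand in for the "5000 line" named in the text (assumption).
VSYS_CAPABLE = {"NetScreen-500", "NetScreen-5200", "NetScreen-5400", "ISG1000", "ISG2000"}

# Constructed inventory; keys and values are hypothetical, not an NSM export format.
INVENTORY = [
    {"name": "fw-root", "kind": "root", "platform": "ISG2000", "domain": "global", "mode": "route"},
    {"name": "tenant-a", "kind": "vsys", "root": "fw-root", "domain": "dom-a"},
    {"name": "tenant-b", "kind": "vsys", "root": "fw-root", "domain": "dom-a"},
    {"name": "tenant-c", "kind": "vsys", "root": "fw-root", "domain": "global"},
    {"name": "tenant-d", "kind": "vsys", "root": "fw-root", "domain": "dom-d", "l2v": True},
]

def audit(devices):
    """Return sorted findings where the inventory departs from the described layout."""
    roots = {d["name"]: d for d in devices if d["kind"] == "root"}
    vsys = [d for d in devices if d["kind"] == "vsys"]
    per_domain = Counter(d["domain"] for d in vsys)
    findings = [f"{r['name']}: root device is not in the global domain"
                for r in roots.values() if r["domain"] != "global"]
    for v in vsys:
        root = roots.get(v["root"])
        if root is None:
            findings.append(f"{v['name']}: root device is not modeled")
            continue
        if root["platform"] not in VSYS_CAPABLE:
            findings.append(f"{v['name']}: {root['platform']} does not support vsys")
        # A vsys domain must not hold the root or another vsys.
        if v["domain"] == root["domain"] or per_domain[v["domain"]] > 1:
            findings.append(f"{v['name']}: domain '{v['domain']}' is shared")
        if v.get("l2v") and root.get("mode") != "transparent":
            findings.append(f"{v['name']}: L2V vsys needs the root in Transparent mode")
    return sorted(findings)

def visible(devices, admin_domains, full_device_perms):
    """Devices an administrator sees; vsys-only administrators never see a root."""
    return sorted(d["name"] for d in devices
                  if d["domain"] in admin_domains
                  and (full_device_perms or d["kind"] == "vsys"))

if __name__ == "__main__":
    for finding in audit(INVENTORY):
        print(finding)
    print(visible(INVENTORY, {"dom-a"}, full_device_perms=False))
```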
Related Documentation
Virtual Router Configurations for Root and Vsys Overview on page 251
Zone Configurations for Root and Vsys Overview on page 251
XAuth Users Authentication Overview on page 249
Copyright © 2010, Juniper Networks, Inc.