Multi Tenant Firewall
Virtual router instances are a very useful feature of Junos. When they are used on an SRX device to provide individual firewall instances, managing the policies, zones and NAT for each instance quickly becomes complex. OneConfig simplifies this by creating a logical view of each instance so that it can be viewed and managed as an individual service. End customers can be given read-only or read-write access to an instance without impacting the security of other tenants on the SRX. Administration of instances can be safely shared with other administrators in a federated model so that each administrator manages only their own instance.
The image below shows the logical view presented by OneConfig of virtual router instances.
Using the 'Action' menu, users can view and edit policies, zones and NAT for each virtual firewall instance. This includes the ability to add new policies and NAT rules.
Adding a New Virtual Router Service
To add a new virtual router service to OneConfig, the instance should first be set up on the host device. Once the instance is configured on the host device, it can be selected to create the new service within OneConfig.
Within the 'Services' tab select the 'Add Service' button. As per the example above, create a unique service name and appropriate description. Select the host device from the dropdown list and then select the routing instance.
Next, add the zones and interfaces associated with the service. Click 'Save' then 'Create MTFW Service'. The service is now set up and ready to be managed via OneConfig.
Watch the short 2-minute video below to get an overview of this feature.