virutal router and ipsec settings for vsys admin

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

virutal router and ipsec settings for vsys admin

L2 Linker

Dear All,

               We created a seprate vsys and assigned l3 interfaces and virtual router for a vsys. But vsys admin which is assigned for it is unable to view virutal router tabs and ipsec configuration tabs.

 

We want this vsys should be handled completely seprate, this vsys need not to share or depend on interface, shared gateway or other vsys object.

Only device admin has the access to virutal router and ipsec config not vsys admin.

Am i missing any configuration or this is how its configured.

 

with regards,

Ram

2 accepted solutions

Accepted Solutions

Cyber Elite
Cyber Elite

A vsys admin is considered a sub-admin so does not get access to system-level configuration which could impact the system

 

Device admins or superusers are allowed to make changes to device-level configuration

 

 

 

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

View solution in original post

Hi @RamBalaji

 

Interfaces and routing are classified as system level configuration.

In the case of a hosted environment the device owner will want to retain control over system critical configuration so the customer does not cause accidental harm to others, by for example configuring a vwire in a switched environment and causing a loop, or altering interface tags, allowing them to inject themselves in a different network segment

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

View solution in original post

3 REPLIES 3

Cyber Elite
Cyber Elite

A vsys admin is considered a sub-admin so does not get access to system-level configuration which could impact the system

 

Device admins or superusers are allowed to make changes to device-level configuration

 

 

 

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Thanks for the response.

I have a doubt, if one customer owns ISP and don't want to share it and configure (routing & IPSEC vpn) by himself, which is not possible in this case. After the device admin/super admin configures interface for seperate vsys why its going to affect the system configuration.

Please share your view.

 

with regards,

Ram

Hi @RamBalaji

 

Interfaces and routing are classified as system level configuration.

In the case of a hosted environment the device owner will want to retain control over system critical configuration so the customer does not cause accidental harm to others, by for example configuring a vwire in a switched environment and causing a loop, or altering interface tags, allowing them to inject themselves in a different network segment

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
  • 2 accepted solutions
  • 3083 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!