Login
- Table of Contents
-
- 08-Configuration Examples
- 01-Web Login Configuration Examples
- 02-Internet Access Through a Static IP Address Configuration Examples
- 03-Internet access through PPPoE configuration examples
- 04-Signature Library Upgrade Configuration Examples
- 04-Software Upgrade Examples(only for F50X0-D and F5000-AK5X5 firewalls)
- 05-Software Upgrade Examples
- 06-Static routing configuration examples
- 07-OSPF configuration examples
- 08-BGP configuration examples
- 09-RIP configuration examples
- 10-DHCP configuration examples
- 11-DNS configuration examples
- 12-Object Group Configuration Examples
- 13-Public key management configuration examples
- 14-Security Policy Configuration Examples
- 15-Attack defense configuration examples
- 16-Connection Limit Configuration Examples
- 17-IPS Configuration Examples
- 18-URL Filtering Configuration Examples
- 19-Anti-Virus Configuration Examples
- 20-Data Filtering Configuration Examples
- 21-File Filtering Configuration Examples
- 22-APR-Based Security Policy Configuration Examples
- 23-Bandwidth Management Configuration Examples
- 24-NAT configuration examples
- 25-NAT hairpin configuration examples
- 26-IPsec configuration examples
- 27-SSL VPN configuration examples
- 28-Server Load Balancing Configuration Examples
- 29-Outbound Link Load Balancing Configuration Examples
- 30-Inbound Link Load Balancing Configuration Examples
- 31-Transparent DNS Proxy Configuration Examples
- 32-Context Configuration Examples
- 32-Context Configuration Examples(only for F50X0-D and F5000-AK5X5 firewalls)
- 33-IRF configuration examples
- 34-High Availability Group Configuration Examples
- 35-NAT Flow Logging Configuration Examples
- 36-User identification configuration examples
- 37-Server Connection Detection Configuration Examples
- 38-IP Reputation Configuration Examples
- 39-NPTv6 Configuration Examples
- 40-SSL Decryption Configuration Examples
- 41-MAC Address Learning Through a Layer 3 Device Configuration Examples
- 42-WAF Configuration Examples
- 43-NetShare Control Configuration Examples
- 44-4G Configuration Examples
- 45-WLAN Configuration Examples
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 32-Context Configuration Examples(only for F50X0-D and F5000-AK5X5 firewalls) | 194.59 KB |
Context configuration examples
Introduction
The following information provides context configuration examples.
This document is not restricted to specific software or hardware versions. Procedures and information in the examples might be slightly different depending on the software or hardware version of the device.
The configuration examples were created and verified in a lab environment, and all the devices were started with the factory default configuration. When you are working on a live network, make sure you understand the potential impact of every command on your network.
The following information is provided based on the assumption that you have basic knowledge of the context feature.
Restrictions and guidelines
When you configure security engine groups, follow these restrictions and guidelines:
· For the system to operate correctly, make sure the default security engine group has one or more security engines and the security engines are operating correctly.
· A security engine can join only one security engine group. A security engine group can have multiple security engines.
· Plan security engine groups carefully before adding security engines to security engine groups. Moving a security engine from a security engine group to another security engine group causes the security engine to reboot. During the reboot period, services on the security engine are not available.
· A context can be assigned to only one security engine group. A security engine group can have multiple contexts.
When you assign VLANs to contexts, follow these restrictions and guidelines:
· For contexts without the VLAN-unshared attribute, you can only assign VLANs to them and cannot use the vlan command to create VLANs for them. Before the assignment, you must create the VLANs on the default context.
· You cannot assign the following VLANs to a context without the VLAN-unshared attribute:
¡ VLAN 1.
¡ Default VLANs of interfaces.
¡ VLANs for which you have created VLAN interfaces.
When you assign interfaces to contexts, follow these restrictions and guidelines:
· Subinterfaces, VLAN interfaces, and aggregate interfaces can be assigned to a context only in shared mode.
· After assigning a subinterface to a context, you cannot assign its primary interface to a context. After assigning a primary interface to a context, you cannot assign its subinterfaces to a context.
· Do not assign member interfaces of an aggregate interface to a context in shared mode.
· After assigning an interface to contexts in shared mode, you cannot assign the interface to contexts in exclusive mode before reclaiming the interface.
· Do not assign IRF physical interfaces to a non-default context.
· If a subinterface of a Layer 3 interface is a member interface of a Reth interface, do not assign the Layer 3 interface to a non-default context.
Example: Configuring contexts
Network configuration
As shown in Figure 1, configure contexts for the LANs as follows:
· Configure context cnt1 for LAN 1. Assign 60% disk space and 60% memory space to the context and set the CPU weight to 8.
· Configure context cnt2 for LAN 2. Leave the context to use the default amount of disk space and the default amount of memory space.
· Configure context cnt3 for LAN 3. Set the CPU weight to 2.
· Assign GigabitEthernet 2/0/1 and GigabitEthernet 2/0/11 to context cnt1. Assign GigabitEthernet 2/0/2 and GigabitEthernet 2/0/12 to context cnt2. Assign GigabitEthernet 2/0/3 and GigabitEthernet 2/0/13 to context cnt3.
Software versions used
This configuration example was created and verified on F9620 of the F5080-D device.
Procedure
1. Configure context cnt1:
# On the top navigation bar, click System.
# From the navigation pane, select Virtualization Advanced Settings > Contexts > Contexts.
# Click Create.
# Configure context cnt1 as shown in Figure 2.
# Click OK.
# Select context cnt1 from the context list and click Start.
Figure 3 Starting context cnt1
# From the navigation pane, select Virtualization Advanced Settings > Contexts > Resource Allocation.
# Click context cnt1 and edit the resource allocation scheme for the context as shown in Figure 4. Perform this task on all security engines to which the context is assigned.
# Click OK.
Figure 4 Editing the resource allocation scheme
2. Configure context cnt2 and cnt3 in the same way you configure context cnt1.
Verifying the configuration
1. On the top navigation bar, click System.
2. From the navigation pane, select Virtualization Advanced Settings > Contexts > Contexts.
3. Verify that the contexts are listed and their settings are as configured.
Figure 5 Viewing contexts
4. From the navigation pane, select Virtualization Advanced Settings > Contexts > Resource Allocation to view the amounts of memory and disk resources allocated to contexts.
Figure 6 Viewing context resource allocation
5. From the navigation pane, select Virtualization Advanced Settings > Contexts > Resource Usage to view the resource usage of contexts
Figure 7 Viewing resource usage of contexts
