Chapter 21. Virtual Systems

21.0. Introduction

The high-end security devices in the ScreenOS family provide the ability to create Virtual Systems (VSYS). A VSYS is a logical firewall created within the physical security device. All ScreenOS firewalls have a root system. With the appropriate license, root system administrators can create these virtual firewalls, each of which permits its own configuration of policies and policy objects, user lists, virtual private networks (VPNs), routing, and more. VSYS administrators can view and edit only the information configured within their own virtual firewall.

The primary application for VSYS is a multitenant, managed firewall application. In this application, multiple customers can share physical hardware and still have the personal firewall experience. This type of application may also be present in large enterprises where multiple firewalls can be collapsed into a VSYS on less hardware or even a single firewall cluster.

With recent ScreenOS releases, another use for VSYS has emerged: the ability to use resource profiles as Denial of Service (DoS) protection mechanisms within the system.

This chapter provides overview information on VSYS as well as recipes for common configurations. After understanding how to create VSYS, share zones, Virtual Routers (VRs), and interfaces, and how to use VSYS admin accounts, you can consult recipes from other chapters in this book to meet your custom configuration requirements.

VSYS and VSYS Administrators

Creating VSYS ...
