Virtual Devices
This section describes virtual network components and their characteristics.
Virtual System
A Virtual System is a virtual security and routing domain that provides the functionality of a Security Gateway with full Firewall and VPN facilities. Multiple Virtual Systems can run concurrently on a single VSX Gateway.
Virtual System Autonomy
Each Virtual System functions as an independent entity, in much the same way that each Security Gateway is independent of other Gateways. Each Virtual System maintains its own interfaces, IP addresses, routing table, ARP table and dynamic routing configuration. In addition, each Virtual System maintains its own:
- Software Blades: You can configure different Software Blades for each Virtual System to give the applicable protection to the networks.
- State Tables: Each Virtual System has its own kernel tables, which hold configuration and runtime data such as active connections, IPSec tunnel information, and so on.
- Security and VPN policies: Each Virtual System enforces its own security and VPN Policies (including INSPECT code). Policies are retrieved from the management server and stored separately on the local disk and in the kernel. In a Multi-Domain Security Management environment, each Domain database is maintained separately on the management server as well as on the VSX Gateway.
- Configuration Parameters: Each Virtual System maintains its own configuration, such as IPS settings, TCP/UDP time-outs, and so on. Different Virtual Systems can run in layer-2 or layer-3 mode and co-exist on the same VSX Gateway.
- Logging Configuration: Each Virtual System maintains its own logs and performs logging according to its own rules and configuration.