Virtual Devices
This section describes virtual network components and their characteristics.
Virtual System
A Virtual System is a virtual security and routing domain that provides the functionality of a Security Gateway with full Firewall and VPN facilities. Multiple Virtual Systems can run concurrently on a single VSX Gateway.
Virtual System Autonomy
Each Virtual System functions independently, with its own Software Blades, interfaces, IP addresses, routing table, ARP table, and dynamic routing configuration. Each Virtual System also maintains its own:
- State Tables: Each Virtual System has its own kernel tables with configuration and runtime data, such as active connections and IPsec tunnel information.
- Security and VPN policies: Each Virtual System enforces its own security and VPN Policies (including INSPECT code). Policies are retrieved from the Management Server and stored separately on the local disk and in the kernel. In a Multi-Domain Server environment, each Domain database is maintained separately on the Management Server and on the VSX Gateway.
- Configuration Parameters: Each Virtual System maintains its own configuration, such as IPS settings and TCP/UDP time-outs. Different Virtual Systems can run in layer-2 or layer-3 mode and co-exist on the same VSX Gateway.
- Logging Configuration: Each Virtual System maintains its own logs and runs logging according to its own rules and configuration.