Virtual systems provide the same basic functions as
a physical firewall, along with additional benefits:
Segmented administration—Different organizations
(or customers or business units) can control (and monitor) a separate
firewall instance, so that they have control over their own traffic
without interfering with the traffic or policies of another firewall
instance on the same physical firewall.
Scalability—After the physical firewall is configured,
adding or removing customers or business units can be done efficiently.
An ISP, managed security service provider, or enterprise can provide
different security services to each customer.
Reduced capital and operational expenses—Virtual systems
eliminate the need to have multiple physical firewalls at one location
because virtual systems co-exist on one firewall. By not having
to purchase multiple firewalls, an organization can save on the
hardware expense, electric bills, and rack space, and can reduce
maintenance and management expenses.
Ability to share IP-address-to-username mappings—By
assigning a virtual system as a User-ID hub, you can share the IP-address-to-username
mappings across virtual systems to leverage the full User-ID capacity
of the firewall and reduce operational complexity.