Shared Objects for Virtual Systems

If your administrator account extends to multiple virtual systems, you can choose to configure objects (such as an address object) and policy rules for a specific virtual system or as shared objects, which apply to all of the virtual systems on the firewall. If you try to create a shared object with the same name and type as an existing object in a virtual system, the virtual system object is used.
Some Shared objects pushed from the Panorama management server, such as External Dynamic Lists (EDL), are counted toward the total maximum capacity for each object supported by the firewall model. Others, like Address objects, are not counted toward the total maximum capacity of the firewall model and are specific to the vsys. For example, you configure 51 vsys and have a firewall model that supports up to 50,000 IP addresses. You create a Shared EDL consisting of 1,000 IP addresses and push the EDL to all vsys. In this example, 1,000 IP addresses are pushed to each of the first 50 vsys of your multi-vsys firewall, for a total of 50,000 IP addresses. No IP addresses are pushed to the 51st vsys because the total maximum number of IP addresses supported by the firewall model has been reached. If configured locally, this same EDL counts for only 1,000 IP addresses.
The following Shared configuration objects are multiplied by the number of vsys and count toward the total maximum capacity of your firewall model.
  • External Dynamic Lists
  • Security Profile Groups
  • All Security Profiles
  • HIP objects and Profiles
  • Custom Objects (custom data patterns, Spyware, Vulnerability Protection, and URL Category)
  • Decryption Profile
  • SD-WAN Link Management Profiles