Strata Cloud Management (SCM) now supports multiple virtual system (vsys) mode for Next-Generation Firewalls, enabling you to manage and configure multiple virtual systems within a single physical firewall from SCM. Virtual systems are separate, logical firewall instances within a single physical Palo Alto Networks firewall. Rather than using multiple firewalls, managed service providers and enterprises can use a single pair of firewalls (for high availability) and enable virtual systems on them. Each virtual system is an independent, separately-managed firewall with its traffic kept separate from the traffic of other virtual systems.This feature allows you to create logical separations within a firewall to support multiple departments, customers, or security domains while maintaining centralized management. When you enable multi-vsys mode, you can create, update, and delete virtual systems, import interfaces into specific virtual systems, and push configurations to one or multiple virtual systems simultaneously.

With multi-vsys support, you can logically separate traffic, policies, and objects for different business units or customers, providing enhanced multi-tenancy capabilities. You can delegate administration to different teams by associating virtual systems with appropriate containers, allowing fine-grained access control to specific virtual systems. The ability to push configurations to multiple virtual systems at once simplifies management of complex multi-vsys environments.

This feature is particularly valuable for service providers who need to maintain separation between multiple customer environments on shared hardware, enterprises that want to isolate different departments or business units, or organizations that need to maintain strict separation between production, development, and testing environments. By implementing virtual systems, you can optimize hardware utilization while maintaining logical separation and meet compliance requirements that mandate traffic isolation between different security domains.

SCM provides an intuitive interface for managing virtual systems, allowing you to view the status of all virtual systems, move virtual systems between containers, and monitor the synchronization status of each virtual system separately. When pushing configurations, you can select which virtual systems should receive updates, providing flexibility in configuration management.