CLI Cheat Sheet: VSYS
Use the following commands to administer a Palo Alto Networks firewall with multiple virtual system (multi-vsys) capability. You must have superuser, superuser (read-only), device administrator, or device administrator (read-only) access to use these commands. These commands are not available for virtual system administrator or virtual system administrator (read-only) roles.
If you want to . . .
Use . . .
After adding a new virtual system from the CLI, you must log out and log back in to see the new virtual system within the CLI.
For example, use the following command to switch to vsys2; note that the vsys name is case sensitive:
Notice that the command prompt now shows the name of the vsys you are now administering.
Maximum indicates the maximum number of sessions allowed per dataplane, Current indicates the number of sessions being used by the virtual system, and Throttled indicates the number of sessions denied for the virtual system because the sessions exceeded the Maximum number multiplied by the number of dataplanes in the system.
As shown in this example, on a PA-5200 Series or PA-7000 Series firewall, the Current number of sessions being used can be greater than the Maximum configured for Sessions Limit (Device > Virtual Systems > Resource) because there are multiple dataplanes per virtual system. The Sessions Limit you configure on a PA-5200 or PA-7000 Series firewall is per dataplane, and will result in a higher maximum per virtual system.
Recommended For You
Recommended videos not found.