If your administrator account extends to multiple virtual systems, you can choose to configure objects (such as an address object) and policy rules for a specific virtual system or as shared objects, which apply to all of the virtual systems on the firewall. If you try to create a shared object with the same name and type as an existing object in a virtual system, the virtual system object is used.

All Shared objects pushed from the Panorama management server are duplicated to each vsys and count toward the total maximum capacity for each object supported by the firewall model. For example, you configure 51 vsys and have a firewall model that supports up to 50,000 IP addresses. You create a Shared EDL consisting of 1,000 IP addresses and you push the EDL to all vsys. In this example, 1,000 IP addresses are pushed to each of the first 50 vsys of your multi-vsys firewall and total 50,000 IP addresses. No IP addresses are pushed to the 51st vsys because the total maximum IP addresses supported by firewall model is reached. If configured locally, this same EDL counts for only 1,000 IP addresses.