Inter-VSYS
Communication Uses Two Sessions
It is helpful to understand that communication between
two virtual systems uses two sessions, unlike the one session used
for a single virtual system. Let’s compare the scenarios.
Scenario 1—Vsys1 has two zones: trust1 and untrust1. A host in
the trust1 zone initiates traffic when it needs to communicate with
a device in the untrust1 zone. The host sends traffic to the firewall,
and the firewall creates a new session for source zone trust1 to
destination zone untrust1. Only one session is needed for this traffic.
Scenario 2—A host from vsys1 needs to access a server on vsys2.
A host in the trust1 zone initiates traffic to the firewall, and
the firewall creates the first session: source zone trust1 to destination
zone untrust1. Traffic is routed to vsys2, either internally or
externally. Then the firewall creates a second session: source zone untrust2
to destination zone trust2. Two sessions are needed for this inter-vsys traffic.