Platform Support and Licensing for Virtual Systems
Virtual systems are supported on (PAN-OS 11.1.3
and later releases) VM-Series firewalls,PA-400 Series (PA-440, PA-445,
PA-450, PA-455, and PA-460 only), PA-1400 Series, PA-3200 Series, PA-3400 Series,
PA-5200 Series, PA-5400 Series, and PA-7000 Series firewalls. Each firewall series
supports a base number of virtual systems; the number varies by platform. A Virtual
Systems license is required to support multiple virtual systems on (PAN-OS 11.1.3 and later releases)
VM-Series firewalls,PA-400 Series, PA-1400 Series, PA-3200 Series, and PA-3400
Series firewalls, and to create more than the base number of virtual systems supported
on a platform.
Multiple virtual systems are not supported on the PA-220 and PA-800 Series firewalls.
(PAN-OS 11.1.3 and earlier releases)The multiple virtual systems are not
supported on VM- Series firewalls.
(PAN-OS 11.1.3 and later releases)The
multiple virtual systems are supported on VM-Series firewalls.
The default is vsys1. You cannot
delete vsys1 because it is relevant to the internal hierarchy on
the firewall; vsys1 appears even on firewall models that don’t support
multiple virtual systems.
You can
limit the resource
allocations for sessions, rules and VPN tunnels allowed for
a virtual system, and thereby control firewall resources. Each resource
setting displays the valid range of values, which
varies per firewall model. The
default setting is 0, which means the limit for the virtual system is
the limit for the firewall model. However, the limit for a specific
setting isn’t replicated for each virtual system. For example, if
a firewall has four virtual systems, each virtual system can’t have
the total number of Decryption Rules allowed per firewall. After
the total number of Decryption Rules for all of the virtual systems
reaches the firewall limit, you cannot add more.