Virtual systems are supported on (PAN-OS 11.1.3 and later releases) VM-Series firewalls,PA-400 Series (PA-440, PA-445, PA-450, PA-455, and PA-460 only), PA-1400 Series, PA-3200 Series, PA-3400 Series, PA-5200 Series, PA-5400 Series, and PA-7000 Series firewalls. Each firewall series supports a base number of virtual systems; the number varies by platform. A Virtual Systems license is required to support multiple virtual systems on (PAN-OS 11.1.3 and later releases) VM-Series firewalls,PA-400 Series, PA-1400 Series, PA-3200 Series, and PA-3400 Series firewalls, and to create more than the base number of virtual systems supported on a platform.

For license information, see Subscriptions. For the base and maximum number of virtual systems supported, see Compare Firewalls tool.

Multiple virtual systems are not supported on the PA-220 and PA-800 Series firewalls.

(PAN-OS 11.1.3 and earlier releases)The multiple virtual systems are not supported on VM- Series firewalls.

(PAN-OS 11.1.3 and later releases)The multiple virtual systems are supported on VM-Series firewalls.

You can limit the resource allocations for sessions, rules and VPN tunnels allowed for a virtual system, and thereby control firewall resources. Each resource setting displays the valid range of values, which varies per firewall model. The default setting is 0, which means the limit for the virtual system is the limit for the firewall model. However, the limit for a specific setting isn’t replicated for each virtual system. For example, if a firewall has four virtual systems, each virtual system can’t have the total number of Decryption Rules allowed per firewall. After the total number of Decryption Rules for all of the virtual systems reaches the firewall limit, you cannot add more.