Service Routes to Services for Virtual Systems
When you enable Multi Virtual System Capability,
any virtual system that does not have specific service routes configured
inherits the global service and service route settings for the firewall.
You can instead configure a virtual system to use a different service
route, as described in the following workflow.
supports syslog forwarding on a virtual system basis. When multiple
virtual systems on a firewall are connecting to a syslog server
using SSL transport, the firewall can generate only one certificate
for secure communication. The firewall does not support each virtual
system having its own certificate.
Customize service routes for a virtual system.
, and select
the virtual system you want to configure.
Service Route Configuration
Select one of the radio buttons:
Inherit Global Service Route Configuration
the virtual system to inherit the global service route settings
relevant to a virtual system. If you choose this option, skip down
to step 7.
—Allows you to specify a
source address for each service.
If you chose
depending on what type of addressing the server offering the service
uses. You can specify both IPv4 and IPv6 addresses for a service.
(Only services that are relevant to a virtual system are available.)
To easily use the same source address for multiple services, select
the checkbox for the services, click
Set Selected Service
, and continue.
To limit the drop-down list for Source Address,
, then select a
Source Address (from that interface) as the service route. Selecting
Interface makes all IP addresses on all interfaces for the virtual
system available in the Source Address drop-down from which you
select an address. You can select
Inherit Global Setting
Inherit Global Setting
or it will indicate the source address you
selected. If you selected
, select an IP address from the drop-down,
or enter an IP address (using the IPv4 or IPv6 format that matches
the tab you chose) to specify the source address that will be used
in packets sent to the external service.
If you modify an address object and the IP family type (IPv4/IPv6)
is required to update the
service route family to use.
Repeat steps 4 and 5 to configure source addresses
for other external services.