Virtual systems are separate, logical firewall instances
within a single physical Palo Alto Networks firewall. Rather than
using multiple firewalls, managed service providers and enterprises
can use a single pair of firewalls (for high availability) and enable
virtual systems on them. Each virtual system (vsys) is an independent,
separately-managed firewall with its traffic kept separate from
the traffic of other virtual systems.