allow multiple virtual systems to share a single interface for external communication (typically connected to a common upstream network such as an Internet Service Provider). All of the virtual systems communicate with the outside world through the physical interface using a single IP address. A single virtual router is used to route traffic for all of the virtual systems through the shared gateway.
Shared gateways use
Layer 3 interfaces, and at least one Layer 3 interface must be configured as a shared gateway. Communications originating in a virtual system and exiting the firewall through a shared gateway require similar policy to communications passing between two virtual systems. You could configure an ‘External vsys’ zone to define security rules in the virtual system.