Creating a virtual system requires that you
have the following:
(Panorama managed firewalls) For
firewalls managed by a Panorama management server, Palo Alto Networks
recommends making note of all policy rule Target lists you added
the managed firewall to on Panorama before you change the virtual
system configuration status to ensure you maintain your security
posture.
Changing the managed firewall multi-vsys status impacts
all policy rules where the managed firewall was added to the policy
Target list. Changing the multi-vsys status in any way removes the
firewall from the Target list from the Panorama-managed policy rule,
impacting which firewalls Panorama pushes the policy rule to. If
the removed firewall was the only Target, then the rule is now pushed
to all firewalls associated with the impacted device group.
In
the case of deny policy rules, this
may result in some firewalls denying sessions they previously allowed.
In the case of allow policy
rules, this may result in some firewalls allowing sessions they
previously denied.