F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices System Management and Maintenance Configuration Guide-6PW100

196

14BConfiguring virtual firewalls

109B

Feature and hardware compatibility

Hardware Virtual firewall com

atible

F1000-A-EI/F1000-S-EI Yes

F1000-E Yes

F5000 Yes

Firewall module Yes

U200-A Yes

U200-S No

110B

Overview

The virtualization technology can virtualize a physical device into multiple logical devices called "virtual

devices (VDs)." All VDs share the hardware and software resources of the physical device, but each VD

has its own Layer 3 interfaces, maintains its own routing and forwarding entries, serves its own users, and

has its own administrators. Creating, running, or deleting a VD does not affect the configuration or

service of any other VD. In the perspective of users, a VD is a standalone device.

In the Web interface, the name of the current VD is displayed on the navigation tree in a pair of brackets

after the physical device's device name, as shown in

907HFigure 87.

Figure 87 VD name on the navigation tree

302BVD benefits

• Higher utilization of existing network resources—Instead of purchasing new devices, you can

configure more VDs on existing network devices to expand the network, reducing hardware

upgrade cost. For example, when there are more user groups, you can configure more VDs and

assign the VDs to the user groups; when there are more users in a group, you can assign more

interfaces and other resources to the group.

• Lower management and maintenance cost—Management and maintenance of multiple VDs occur

on a single physical device.

• Independence of each VD and high security—Each VD is isolated from any other VD and cannot

communicate with any other VD directly. Each VD maintains its own local user information, and a