F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices System Management and Maintenance Configuration Guide-6PW100
197
service, and session resources, its own security zones and security zone-based security policies,
and its own connection limits, blacklist, and port scanning and flood attack detection policies and
information.
303BVD applications
The VD technology can be widely used for, for example, device renting, service hosting, and student
labs.
As shown in
908HFigure 88, LAN 1, LAN 2, and LAN 3 are three companies' LANs. To provide access service
for the three companies, you can deploy a single physical device and configure a VD for each company.
Then, the administrators of each company can log in to only their own VD to maintain their own network,
without affecting any other VD or network. The effect equals deploying a separate gateway for each
company.
Figure 88 Network diagram
304BDefault VD and non-default VDs
A device supporting VDs is a VD itself, and it is called the "default VD" (for example, Device in 909HFigure 88).
The default VD always uses the name Root and the ID 1. You cannot delete it or change its name or ID.
From the default VD, you can manage the whole physical device, create and delete non-default VDs, and
assign interface and VLAN resources to non-default VDs.
No VDs can be created on a non-default VD. A non-default VD can only use the resources assigned to
it. It cannot use the resources assigned to other VDs or the remaining resources on the physical device.
The default VD can use the resources not assigned to any other VDs.
Unless otherwise stated, the term "VD" in the following sections refers to a non-default VD.
Unless otherwise stated, all operations in the following sections are performed on the default VD. For
more information about the configurations and services on a non-default VD, see related manuals.