R3166-R3206-HP High-End Firewalls System Management and Maintenance Configuration Guide-6PW101
Virtual device management
NOTE:
The firewall supports virtual device management only in the web interface.
Virtual device management overview
The virtual device feature allows you to divide a physical firewall into several logical firewalls. By
creating virtual devices, you can provide firewall rental services. You can configure different security
policies for different virtual devices, which gives the users of each virtual device a private route
forwarding plane and security services. In addition, different virtual devices are isolated by default.
You can create virtual devices as needed. The virtual root device (with the device name Root) exists by
default and does not need to be created. Each virtual device contains members such as Layer 3 interfaces,
Layer 2 interfaces and a VLAN range. The relationship between the virtual devices and their members is as
follows:
• By default, all Layer 3 interfaces and VLANs belong to the virtual root device.
• All Layer 2 interfaces belong to all created virtual devices.
• A Layer 3 interface or VLAN can belong to one virtual device.
• After creating a virtual device, you can add specified Layer 3 interfaces and VLANs to the virtual
device to manage them.
The virtual device feature has the following advantages:
• Each virtual device maintains a group of security zones.
• Each virtual device maintains a group of resources such as addresses/address groups, and
services/service groups.
• Each virtual device maintains its own traffic filtering rules between its security zones.
• Each virtual device maintains its own connection number limit, blacklist, port scanning and flood
detection policies and data.
The name of the virtual device that is performing operations is displayed in square brackets to the left
of the system name at the top of the navigation tree, as shown in Figure 75.
Figure 75 Name of the virtual device