HP VPN Firewall Appliances System Management and Maintenance Configuration Guide

Configuring virtual firewalls
Overview
Virtualization technology can partition a physical device into multiple logical devices called "virtual
devices (VDs)." All VDs share the hardware and software resources of the physical device, but each VD
has its own Layer 3 interfaces, maintains its own routing and forwarding entries, serves its own users, and
has its own administrators. Creating, running, or deleting a VD does not affect the configuration or
service of any other VD. From the perspective of users, a VD is a standalone device.
In the Web interface, the name of the current VD is displayed on the navigation tree in a pair of brackets
after the physical device's device name, as shown in Figure 92.
Figure 92 VD name on the navigation tree
VD benefits
Higher utilization of existing network resources—Instead of purchasing new devices, you can
configure more VDs on existing network devices to expand the network, reducing hardware
upgrade cost. For example, when there are more user groups, you can configure more VDs and
assign the VDs to the user groups; when there are more users in a group, you can assign more
interfaces and other resources to the group.
Lower management and maintenance cost—Management and maintenance of multiple VDs occur
on a single physical device.
Independence of each VD and high security—Each VD is isolated from any other VD and cannot
communicate with any other VD directly. Each VD maintains its own local user information, and a
login user of a VD can log in to and manage only the VD itself. Each VD maintains its own address,
service, and session resources, its own security zones and security zone-based security policies,
and its own connection limits, blacklist, and port scanning and flood attack detection policies and
information.
VD applications
VD technology has many applications, for example, device renting, service hosting, and student
labs.
As shown in Figure 93, LAN 1, LAN 2, and LAN 3 are three companies' LANs. To provide access service
for the three companies, you can deploy a single physical device and configure a VD for each company.
Then, the administrators of each company can log in to only their own VD to maintain their own network,