Introduction

The NetScreen firewall is a truly scaleable device. On the high-end firewalls, you can divide the firewall into multiple virtual firewalls or virtual systems. A virtual system (VSYS) is a logical firewall that is contained in a single physical firewall. Firewalls that support virtual systems allow you to create as many virtual systems as you are licensed for. Each virtual system can share components with other virtual systems or the root system.

Internet service providers (ISPs) or large organizations are the typical users of virtual systems. Both of these groups use virtual systems because of the need for many firewalls in a single location. For these users it would be impractical for them to have large numbers of firewalls. ISPs use the VSYS technology as a way to give customers access to their very own firewall while maintaining hundreds of virtual systems without the need for dedicated firewalls for each customer. Large organizations that require the use of many separate firewalls would benefit from the technology as well. The cost to use virtual systems is not an inexpensive proposition, but compared to maintaining many physical firewalls it can provide some cost benefits.

In this chapter, we will explore the virtual system technology and how to implement it. Together, we first will look at the virtual system technology and what it provides. Next, we will explore how virtual systems work. Looking deeply into how one physical device can differentiate traffic to dozens, if not hundreds, of different virtual systems. This...