To Define a Vsys and Vsys
AdministratorsOnly the root administrator or a root-level read/write administrator of the security device can define a virtual system and vsys admins. Before the root-level admin can turn over the administration of the virtual system to a vsys admin, the root-level admin must make the virtual system functional. That is, the root-level admin must configure subinterfaces or interfaces for the vsys and possibly shared virtual routers and shared security zones. The subsequent configurations depend on whether the vsys is intended to support VLAN-based or IP-based traffic classifications or a combination of both.
Once the vsys is functional, a vsys admin can log in and begin configuring addresses, users, services, addresses, VPNs, and access policies.
To Define a Vsys and Vsys
AdministratorsEnter the necessary information:
Vsys Name: Enter the name of the virtual system.
Vsys Admin Name*: Enter the name of the virtual system administrator.
Vsys Admin New Password*: Enter the password for the vsys administrator.
Confirm New Password: Confirm the password for the vsys administrator.
Click SSH PKA to view the virtual system administrator's PKAs and create new ones. For more information about viewing and creating PKAs, see PKA Configuration.
VSYS Read-Only Admin Name: Enter the name of the vsys administrator with read-only privileges.
VSYS Read-Only Admin Password: Enter the password for the read-only vsys administrator.
Confirm Password: Confirm the password for the read-only vsys administrator.
Click SSH PKA to view the vsys read-only administrator's PKAs and create new ones. For more information about viewing and creating PKAs, see PKA Configuration.
Create a default virtual router: Select this option to create a virtual router bearing the same name as the virtual system. To then configure the virtual router, see Virtual Router Configuration.
Select an existing virtual router: Select this option if you want to use a virtual router that is already configured.
Virtual Router: Select an existing virtual router from the drop-down list.
Create a custom virtual router: Select this options to create a new virtual router.
vr name: Enter the name of the virtual router you want to create. To then configure the virtual router, see Virtual Router Configuration.
Profile: Select an existing vsys profile to be applied the vsys.
Override CPU Limit: Specifies an override of the CPU weight, which is used in conjunction with the CPU weights of other virtual systems to assign time quotas proportional to those weights.
Maximum: Specifies an override of the maximum number of sessions for the vsys, which is defined in a vsys profile. The value range is 100 through the maximum session value for the overall security system (as if no session limitation is in force).
Reserve: Specifies an override of the number of sessions reserved for a vsys, which is defined in a vsys profile. The value range is 0 through the maximum number of sessions you specified for the vsys.
Alarm Level Percentage: Specifies an override of the alarm trigger level set in a vsys profile. The value range is 1 through 100. The default value is 100.
Click OK to save your configuration.
To Modify a Vsys Admin or
PasswordsA vsys admin cannot change his or her login name (user name) because the security device uses that name, which must be unique among all vsys admins, to route the login connection to the appropriate vsys.
You can modify the vsys admin's password and the vsys read-only admin information—name and password. You can also view and create PKAs for the vsys admin and the vsys read-only admin. For more information on viewing and creating PKAs, see PKA Configuration.
Click OK to save your changes.