Managing virtual firewalls, Overview – H3C Technologies H3C SecPath F1000-E User Manual
Managing virtual firewalls
NOTE:
The virtual firewall configuration is available only in the web interface.
Overview
The virtual device feature allows you to divide a physical firewall into several logical firewalls. By creating virtual devices, you can provide firewall rental services. You can configure different security policies for different virtual devices, giving the users of each virtual device a private route forwarding plane and private security services. In addition, different virtual devices are isolated from each other by default.
You can create virtual devices. The virtual root device (with the device name Root) exists by default and does not need to be created. Each virtual device contains members such as Layer 3 interfaces, Layer 2 interfaces, and a VLAN range. The relationship between virtual devices and their members is as follows:
• By default, all Layer 3 interfaces and VLANs belong to the virtual root device.
• All Layer 2 interfaces belong to all created virtual devices.
• A Layer 3 interface or VLAN can belong to only one virtual device.
• After creating a virtual device, you can add specified Layer 3 interfaces and VLANs to the virtual device to manage them.
The virtual device feature has the following advantages:
• Each virtual device maintains its own users, which are configured by the administrator of the virtual root device. The users of a virtual device can log in only to that virtual device.
• Each virtual device maintains its own zones and its own zone-based security policies.
• Each virtual device maintains its own resources, such as addresses, address groups, services, and service groups.
• Each virtual device maintains its own sessions.
• Each virtual device maintains its own connection number limit, blacklist, and port scanning and flood detection policies and data.
The top of the navigation tree shows, in square brackets, the name of the virtual device on which you are performing operations, as shown in Figure 85.
Figure 85 Name of the virtual device