Configuring contexts, Overview, Context applications – H3C Technologies H3C SecPath F5020 User Manual

62

Configuring contexts

Overview

A physical firewall or an IRF fabric can be virtualized into multiple logical firewalls called contexts. Each

context is assigned separate hardware and software resources, and operates independently of other
contexts. From the user's perspective, a context is a standalone firewall.

Context applications

With context technology, you can meet firewall requirements from different branches or companies by
using a single physical firewall.
As shown in

Figure 22

, LAN 1, LAN 2, and LAN 3 are connected to the Internet through the same firewall.

To provide secure access services for the three LANs, you can deploy a single physical firewall and

configure a context for each LAN on the firewall. The administrator of each LAN can only log in to and
manage its own context, without affecting other LANs. This has the same effect as deploying a separate

firewall for each LAN.

Figure 22 Network diagram

Default context and non-default contexts

A device supporting contexts is considered to be a context. This context is called the default context (for

example, Firewall in

Figure 22

). The default context always uses the name Admin and the ID 1. You

cannot delete it or change its name or ID.
When you log in to the physical firewall, you are logged in to the default context. On the default context,

you can perform the following tasks: