Virtual device management, Virtual device management overview – H3C Technologies H3C SecPath F1000-E User Manual
Virtual Device Management
Virtual Device Management Overview
The virtual device feature allows you to divide a physical firewall into several logical firewalls. Creating virtual devices lets you provide firewall rental services. You can configure different security policies for different virtual devices, giving the users of each virtual device a private route forwarding plane and private security services. In addition, different virtual devices are isolated from each other by default.
You can create virtual devices. The virtual root device (with the device name Root) exists by default, so you do not need to create it. Each virtual device contains members such as Layer 3 interfaces, Layer 2 interfaces and a VLAN range. The relationship between virtual devices and their members is as follows:
• By default, all Layer 3 interfaces and VLANs belong to the virtual root device.
• All Layer 2 interfaces belong to all created virtual devices.
• A Layer 3 interface or VLAN can belong to only one virtual device.
• After creating a virtual device, you can add specified Layer 3 interfaces and VLANs to the virtual device to manage them.
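The membership rules above, as an added example that is not part of the H3C manual and is not device configuration syntax: a Python check that a planned assignment leaves every Layer 3 interface and VLAN with exactly one owning virtual device, with anything unassigned staying on Root. The function name, the plan format, and the interface and tenant names are assumptions constructed for illustration.

```python
ROOT = "Root"  # name of the default virtual root device, per the manual


def validate_plan(l3_interfaces, vlan_ids, plan):
    """Return (owners, errors) for a planned membership layout.

    l3_interfaces: names of all Layer 3 interfaces on the physical firewall
    vlan_ids:      all VLAN IDs configured on the physical firewall
    plan:          {vdev: {"l3": [names], "vlans": [(first, last), ...]}}
                   (hypothetical format, not an H3C data structure)
    Layer 2 interfaces are shared by all virtual devices, so they are
    not modelled here.
    """
    # Rule 1: every Layer 3 interface and VLAN starts out owned by Root.
    owners = {("l3", name): ROOT for name in l3_interfaces}
    owners.update({("vlan", vid): ROOT for vid in vlan_ids})
    errors = []
    for vdev, members in sorted(plan.items()):
        claimed = [("l3", name) for name in members.get("l3", [])]
        for first, last in members.get("vlans", []):
            claimed += [("vlan", vid) for vid in range(first, last + 1)]
        for key in claimed:
            if key not in owners:
                errors.append(f"{vdev}: {key[0]} {key[1]} does not exist")
            elif owners[key] not in (ROOT, vdev):
                # Rule 3: a member cannot belong to two virtual devices.
                errors.append(
                    f"{key[0]} {key[1]} claimed by {owners[key]} and {vdev}")
            else:
                owners[key] = vdev
    return owners, errors


# Constructed sample: two tenants that both claim GE0/1 and VLAN 200.
SAMPLE_PLAN = {
    "tenant-a": {"l3": ["GE0/1"], "vlans": [(100, 200)]},
    "tenant-b": {"l3": ["GE0/2", "GE0/1"], "vlans": [(200, 300)]},
}

if __name__ == "__main__":
    owners, errors = validate_plan(
        ["GE0/0", "GE0/1", "GE0/2"], range(1, 401), SAMPLE_PLAN)
    for line in errors:
        print("CONFLICT:", line)
    print("GE0/0 stays with", owners[("l3", "GE0/0")])
```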
The virtual device feature has the following advantages:
• Each virtual device maintains a group of security zones.
• Each virtual device maintains a group of resources such as addresses/address groups, and services/service groups.
• Each virtual device maintains its own traffic filtering rules between its security zones.
• Each virtual device maintains its own connection number limit, blacklist, port scanning and Flood detection policies and data.
The name of the virtual device that is performing operations is displayed in square brackets to the left of the system name at the top of the navigation tree, as shown in Figure 1.
Figure 1 Name of the virtual device