This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Help

Who rated this post

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Bob_Zimmerman
MVP Gold
MVP Gold
‎2023-12-20 12:08 PM

I personally think "virtualization" is a deeply misleading term to use in marketing for VSX. It has nothing to do with VMs as most people think of them.

It's exactly like OpenBSD rdomains, Linux network namespaces (in fact, this is the exact technology which backs VSX), Arista/Cisco/Extreme/Juniper VRFs, Fortinet vdom, Palo Alto vsys, and so on. It gives you the ability to run multiple routing tables on a single physical firewall or cluster. As @Alex- mentioned, all VSs have the same view of the same OS and the same hardware. You can't patch or upgrade one VS at a time. Logs from all VSs go to the same volume on the drive.

There are four fundamental types of VS:

  • Layer 2 with no firewalling - virtual switch
  • Layer 2 with firewalling - bridge mode VS
  • Layer 3 with no firewalling - virtual router
  • Layer 3 with firewalling - normal VS

Switches do not consume a license slot. The other three types all consume license slots.

All firewall licenses come with the ability to run one VS. This is so you can separate to-traffic routing (i.e, traffic to the firewall to manage it) from through-traffic routing (i.e, routing for traffic the firewall handles but doesn't terminate).

(1)
Who rated this post