Who rated this post

Showing results for 
Search instead for 
Did you mean: 

I personally think "virtualization" is a deeply misleading term to use in marketing for VSX. It has nothing to do with VMs as most people think of them.

It's exactly like OpenBSD rdomains, Linux network namespaces (in fact, this is the exact technology which backs VSX), Arista/Cisco/Extreme/Juniper VRFs, Fortinet vdom, Palo Alto vsys, and so on. It gives you the ability to run multiple routing tables on a single physical firewall or cluster. As @Alex- mentioned, all VSs have the same view of the same OS and the same hardware. You can't patch or upgrade one VS at a time. Logs from all VSs go to the same volume on the drive.

There are four fundamental types of VS:

  • Layer 2 with no firewalling - virtual switch
  • Layer 2 with firewalling - bridge mode VS
  • Layer 3 with no firewalling - virtual router
  • Layer 3 with firewalling - normal VS

Switches do not consume a license slot. The other three types all consume license slots.

All firewall licenses come with the ability to run one VS. This is so you can separate to-traffic routing (i.e, traffic to the firewall to manage it) from through-traffic routing (i.e, routing for traffic the firewall handles but doesn't terminate).

Who rated this post