You can
limit the resource
allocations for sessions, rules and VPN tunnels allowed for
a virtual system, and thereby control firewall resources. Each resource
setting displays the valid range of values, which
varies per firewall model. The
default setting is 0, which means the limit for the virtual system
is the limit for the firewall model. However, the limit for a specific
setting isn’t replicated for each virtual system. For example, if
a firewall has four virtual systems, each virtual system can’t have
the total number of Decryption Rules allowed per firewall. After
the total number of Decryption Rules for all of the virtual systems
reaches the firewall limit, you cannot add more.