If your administrator account extends to multiple virtual systems, you can choose to configure
objects (such as an address object) and policy rules for a specific virtual system or as
shared objects, which apply to all of the virtual systems on the firewall. If you try to
create a shared object with the same name and type as an existing object in a virtual
system, the virtual system object is used.
Some
Shared objects pushed from the Panorama management
server, such as External Dynamic Lists (EDL), are counted toward the total maximum
capacity for each object
supported by the firewall model. Others, like Address
objects, are not counted towards the total maximum capacity of the firewall model and
are specific to the vys. For example, you configure 51 vsys and have a firewall model
that supports up to 50,000 IP addresses. You create a
Shared EDL consisting of 1,000 IP addresses and you
push the EDL to all vsys. In this example, 1,000 IP addresses are pushed to each of the
first 50 vsys of your multi-vsys firewall and total 50,000 IP addresses. No IP addresses
are pushed to the 51st vsys because the total maximum IP addresses supported by firewall
model is reached. If configured locally, this same EDL counts for only 1,000 IP
addresses.