Platform Support and Licensing for Virtual Systems

Virtual systems are supported on the following platforms. Each firewall series supports a base number of virtual systems; the number varies by platform.
  • PA-400 Series firewalls (PA-440, PA-445, PA-450, PA-455, and PA-460 firewalls only)
  • PA-1400 Series firewalls
  • PA-3200 Series firewalls
  • PA-3400 Series firewalls
  • PA-5200 Series firewalls
  • PA-5400 Series firewalls
  • PA-7000 Series firewalls
  • (PAN-OS 11.1.3 and later releases) VM-Series firewalls
  • PA-7500 Series firewalls
  • (PAN-OS 11.1.7 and later releases) PA-7500 Series firewalls in an NGFW cluster
If you need to create more than the base number of virtual systems that your firewall platform supports, you must purchase a Virtual Systems license.
For license information, see Subscriptions. For the base and maximum number of virtual systems supported, see the Compare Firewalls tool.
Multiple virtual systems are not supported on the PA-220 and PA-800 Series firewalls.
The default virtual system is vsys1. You cannot delete vsys1 because it is relevant to the internal hierarchy on the firewall; vsys1 appears even on firewall models that don’t support multiple virtual systems.
You can limit the resource allocations for sessions, rules and VPN tunnels allowed for a virtual system, and thereby control firewall resources. Each resource setting displays the valid range of values, which varies per firewall model. The default setting is 0, which means the limit for the virtual system is the limit for the firewall model. However, the limit for a specific setting isn’t replicated for each virtual system. For example, if a firewall has four virtual systems, each virtual system can’t have the total number of Decryption Rules allowed per firewall. After the total number of Decryption Rules for all of the virtual systems reaches the firewall limit, you cannot add more.