In general we need only one virtual router for any firewall functionality. If there is need to have multiple routers on a single firewall hardware based on the needs then we can enable them to use as needed.
Below is a doc talking about multi virtual system where they discuss about multi virtual routers if needed to have the single hardware split to multi system and multi routers.
The number of virtual routers you need is dictated primarily by your routing separation needs.
Yes, a common case of two virtual routes is having two ISPs. This way each router has one default route and each ISP has a source of traffic in that router.
Other use cases for multiple virtual routers is multi-tenancy. If the datacenter has a need to have routing separation from multiple clients, then virtual routers provide a simple way to achieve this. These are especially useful when running OSPF to keep the routers from one client from leaking into the routing tables of another unrelated client.
As Steven said, virtual-router is just a logical segregation of your routing table inside the same physical firewall. This is useful, in case of multihome network and if you are trying to utilize both lines at the same time.
Just trying to find the best solution for my network. I have found quite a variation in the approach to the PA, I have been told that with two ISP 2 VR's makes it similar and another say it makes it more complex than needed. I have no cisco experience and am currently trying to migrate from cisco ASA 5505 & 5510 to a PA 3020
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!