This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

create a new Vsys queries.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

create a new Vsys queries.

SachinGargNTT
L3 Networker

‎11-16-2023 03:50 AM

Wish to configure new VSYS, will it cause any issue while configuring?

 

Do we need to reboot after enabling Multi-vsys opention?

Will it will cause network disruption over default VSYS1?

· Will it will affect the functionality of Access Control Policy on the default VSYS1?

· Will it will affect the entire functionality of default VSYS1?

· Could you share with us a best practices for VSYS creation?

- Will it cause any downtime?

- What difference do we have when we have Panorama in place?

- Any best practice, when we have HA in place?

Sachin garg
Technical consultant
0 Likes Likes
3 REPLIES 3

reaper
Cyber Elite
Cyber Elite

‎11-16-2023 06:03 AM

- after enabling multi-vsys support you will need to reboot the device, adding new vsys after that is simply a matter of creating and committing the config

- it will not change/impactchange functionality of vsys1 (you may need to take a look at your shared objects and 'move' your virtual router into vsys1

- AFAIK there's no real best practice... create a new vsys and give it a name

- the initial reboot is needed to enable vsys, and you may have a very short VirtualRouter restart if you move it from shared to vsys1

- in panorama you'll need to start creating vsys specific configuration, so if you currently have the firewall in panorama and the config (policies, objects,...) are set to shared, you need to move them to vsys1. each vsys will (kind of) show as a different firewall on panorama

- same as with the single vsys. ha config is 'shared' on the chassis anyway so that cannot live in a specific vsys, so no real changes there

 

 

 

rgds

Tom

 

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
0 Likes Likes

SachinGargNTT
L3 Networker
In response to reaper

‎11-16-2023 06:26 AM

SO, it means for HA-standby , we need to enable VSYS and post first commit all its a regular job of FW - sync with primary FW across chassis.

Sachin garg
Technical consultant
0 Likes Likes

reaper
Cyber Elite
Cyber Elite

‎11-20-2023 01:55 AM

multi vsys support need to be enabled on both chassis, then you can create new vsys's which will be synced via HA sync

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
0 Likes Likes
  • 1099 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks