"Just because you can do something doesn't mean you should"
Having managed a multi-vSYS environment, I can definitely recommend you NOT do this. You can because the vSYS are considered completely separate systems. But to keep things straight in your own head, I would recommend defining your zones with meaningful and specific names. This means you will most likely have different zone names in each vSYS naturally. Thoughts?
Depends on why you are using multi-vsys to begin with. In certain instances where I utilize multi-vsys in local government buildings to seperate out say Law Enforcement from the rest of the County I wouldn't necissarly say that a zone named "County Untrust" or "LEA Untrust" would really make that big of an difference over just "untrust". It might matter slightly more if you configure in the GUI instead of the XML or CLI, but you do have the dropdown up top specifying what VSYS you are on currently.
It's also something that I've done on purpose when I template the XML file for utilization in Jinja2 for shared security policies where I might only want to make an "Internet Access" policy once or a similar shared policy that I would otherwise have to create in both security rulebases manually. Granted this is an extreme edge-case and something most people would never think of even doing, but reasons to utilize shared zone names do exist.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!