Hi Paul, There are a few parts to this configuration. One key point is that you must configure the interfaces to be in a single virtual router. Next you have to make the virtual systems visible to each other. Finally you have to create special zones to allow this traffic to flow. VSYS Configuration 1. Navigate to Device Tab > Virtual Systems and create your two Virtual Systems (VSYS1 and VSYS 2). 2. When the virtual systems have been created, add VSYS2 to the "Visible Virtual Systems" list on VSYS1. Repeat to add VSYS1 as a visible virtual system in VSYS2. Zone configuration 1. Create a new zone in VSYS1 of type "External" and select VSYS2 in the Virtual System box. Call it vsys2_ext_zone. 2. Create a new zone in VSYS2 of type "External" and select VSYS1 in the Virtual System box. Call it vsys1_ext_zone. For traffic moving from VSYS1 into VSYS2, a security rules is required in EACH VSYS: In your VSYS1 security policy, you will have to create a rule from the source zone in VSYS1 to the external zone called vsys2_ext_zone. In your VSYS2 security policy, you will have to create a rule from the external zone representing VSYS1 (vsys1_ext_zone) to the destination zone in VSYS2. For traffic moving from VSYS2 into VSYS1, a security rules is required in EACH VSYS: In your VSYS2 security policy, you will have to create a rule from the source zone in VSYS2 to the external zone called vsys1_ext_zone. In your VSYS1 security policy, you will have to create a rule from the external zone representing VSYS2 (vsys2_ext_zone) to the destination zone in VSYS1. Best regards, Nick Campagna
... View more