Virtual Systems

You can logically partition a single Juniper Networks security system into multiple virtual systems to provide multi-tenant services. Each virtual system (vsys) is a unique security domain and can have its own administrators (called virtual system administrators or vsys admins) who can individualize their security domain by setting their own address books, user lists, custom services, VPNs, and policies. Only a root-level administrator, however, can set firewall security options, create virtual system administrators, and define interfaces and subinterfaces.

Note: Refer to the Juniper Networks marketing literature to see which platforms support this feature.

Juniper Networks virtual systems support two kinds of traffic classifications: VLAN-based and IP-based, both of which can function exclusively or concurrently. For more information on how to create and view Vsys profiles and other resource information, see the Concepts & Examples ScreenOS Reference Guide.

This chapter contains the following topics: