Virtual Routers Overview

A security device can divide its routing component into two or more virtual routers. A virtual router supports static routing, dynamic routing protocols, and multicast protocols, which you can enable simultaneously in one virtual router. A security device can contain the following types of virtual routers (VRs):

You can define multiple VRs, but trust-vr is the default VR. All predefined and custom security zones (and all interfaces bound to those security zones) are bound to the trust-vr virtual router. To bind a security zone to the untrust-vr or to a custom VR, you must first unbind all interfaces from the zone. For a virtual system (vsys), you can select a virtual router to be the default router for the vsys.

The management virtual router supports out-of-band management and segregates firewall management traffic away from production traffic. The feature is disabled by default and you can enable it by setting a virtual router.

Related Documentation