Vsys Clusters Overview


A vsys cluster is a vsys device that has a cluster as its root device.

To enable failover from one virtual system to another, you must create a virtual system interface (VSI) for each virtual system. A VSI is a logical entity at Layer 3 that is linked to multiple Layer 2 physical interfaces in a VSD group. The VSI binds to the physical interface of the device acting as primary of the VSD group. If a failover occurs, the VSI shifts to the physical interface of the device in the VSD group that becomes the new primary.

  • Trust zone VSIs—Each vsys has its own trust zone VSI by default. All trust zone VSIs must be in different subnets.

  • Untrust zone VSIs—You can configure each vsys to use its own untrust zone VSI or share the untrust zone VSI from the root device. When virtual systems have their own untrust zone VSIs, the VSIs must be in different subnets from each other and from the untrust zone VSI at the root level.
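The two subnet rules above can be checked against an address plan before any VSI is created. The following Python sketch is an added example, not part of the original documentation or of NSM; the vsys names, addresses, and the `check_vsi_plan` helper are constructed for illustration, and "different subnets" is assumed to mean non-overlapping networks.

```python
import ipaddress
from itertools import combinations

# Constructed sample plan; names and addresses are illustrative only.
# "untrust": None means the vsys shares the root device's untrust zone VSI.
ROOT_UNTRUST_VSI = "203.0.113.1/28"
VSYS_PLAN = {
    "vsys1": {"trust": "10.1.1.1/24", "untrust": None},
    "vsys2": {"trust": "10.1.2.1/24", "untrust": "203.0.113.17/28"},
    "vsys3": {"trust": "10.1.2.129/25", "untrust": "203.0.113.5/29"},
}


def check_vsi_plan(plan, root_untrust):
    """Return a list of subnet-rule violations for a planned set of VSIs.

    Assumption: two VSIs are in "different subnets" only if their
    networks do not overlap at all.
    """
    def net(addr):
        return ipaddress.ip_interface(addr).network

    # Rule 1: every trust zone VSI must be in its own subnet.
    trust = [(f"{name} trust", net(v["trust"])) for name, v in plan.items()]

    # Rule 2: dedicated untrust zone VSIs must differ from each other
    # and from the untrust zone VSI at the root level.
    untrust = [("root untrust", net(root_untrust))]
    untrust += [(f"{name} untrust", net(v["untrust"]))
                for name, v in plan.items() if v["untrust"]]

    problems = []
    for group in (trust, untrust):
        for (a_name, a_net), (b_name, b_net) in combinations(group, 2):
            if a_net.overlaps(b_net):
                problems.append(f"{a_name} {a_net} overlaps {b_name} {b_net}")
    return problems


if __name__ == "__main__":
    for problem in check_vsi_plan(VSYS_PLAN, ROOT_UNTRUST_VSI):
        print("VIOLATION:", problem)
```

In the sample plan, vsys3 breaks both rules: its trust subnet sits inside the vsys2 trust subnet, and its untrust subnet sits inside the root untrust subnet.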

After creating the VSIs, you must also create VSD groups to contain them.

In ScreenOS 6.1 high-end platforms, NSM allows the user to assign or unassign a VLAN group to a VSD. The user can create VLAN groups only after importing the VLAN in the members. The user needs to set the VSD group in cluster mode, and the VSD group ID list is available from the cluster member. All VLANs belonging to the group are assigned to the VSD group. The user can also assign multiple VLAN groups to a VSD group.