A virtual system (vsys) profile defines the resources for a particular service level. You can assign all virtual systems to the same profile or to different profiles to differentiate service levels.
You can configure 18 different profiles in addition to the root and default profiles which always exist.
To create a vsys profile:
Profile Name: Enter a meaningful name for the new profile. It can be up to 31 characters in length. Spaces are not allowed in the name. Hyphen ( - ) and underscore ( _ ) characters are permitted.
CPU Weight: Enter a CPU weight. ScreenOS scales these weights relative to the weights of all vsys in the security device and assigns time quotas proportional to those weights. ScreenOS then enforces the time quotas over 1- second intervals. This means that as long as a vsys does not exceed its time quota over that 1- second period and the firewall is not too heavily loaded, no packets should be dropped. The range is 1 to 100; the default is 50.
DIP Scale Size: Allows you to specify the maximum scale size that can be configured in a non-root vsys. The DIP scale size range is 0 to the maximum allowed number of root vsys. The default value of the DIP scale size is equal to the root vsys. The DIP scale size prevents non-root vsys from exhausting too many port nodes and too much memory.
Shared DMZ Zone: Select the default interface (Null) for the shared DMZ zone to which an existing vsys is to be subscribed through the vsys profile.
For the following parameters, you can set a maximum value and a reserved value for this vsys profile. For session parameters, the maximum value is the upper limit that you do not want the vsys to exceed. For resource parameters, the read-write vsys administrator can only configure up to the maximum number that you assign in the profile. The reserved value is the number that you want ScreenOS to guarantee to the vsys. You cannot configure a reserved value that exceeds the maximum value. The default reserved value for the parameters is zero (0) if you do not assign a numeric value, except where indicated in the parameter description.
DIPs: Dynamic Internet Protocol addresses.
Warning: Check with your administrator before you assign a DIP ID to a vsys. Duplicate IDs used on the same device can cause dropped or misrouted traffic. The device will not check for or prevent duplicate DIP IDs, nor will it send a notification if such duplicates exist.
MIPs: Mapped Internet Protocol addresses.
MPolicies: Multicast policies.
Policies: Security policies.
Sessions: Number of sessions available for a vsys. It ranges from 100 to the security device total. If you do not configure a specific value in the profile, ScreenOS uses the security device total possible (no vsys limitation). ScreenOS drops excess packets to ensure that the vsys does not exceed the maximum value.
User Service: User services.
User Service Group: User service groups.
Zone Address: Zone addresses.
Zone Address Group: Zone address groups.
Zones: Number of zones.
Click OK to save your changes.