eG Help

Virtual systems are multiple, logical firewall instances within a single Palo Alto Networks physical firewall. Each virtual system is an independent, separately managed logical firewall with its traffic kept separate from that of others. A typical scenario where virtual systems are used is a deployment scenario i.e., two physical firewalls (a HA pair) can be configured as virtual systems for use by tenants of a Managed Security Service Provider. In such environments, administrators can exists in different levels of the system. With the help of virtual systems, administrators can control access to the device level as well as specific management functions (enable, disable, hide) for each firewall customer or user. The flexibility and efficiencies of virtual systems present managed service providers (MSP) and enterprises with some very attractive possibilities to enhance business efficiencies such as improved scalability, low capital expenditure and reduced operational cost.

For efficiently monitoring the traffic through the physical firewall, each administrator of the environment can be assigned with a limited number of virtual systems. If the super administrator of the environment wants to figure out how well sessions are utilized in a virtual server, then he/she can monitor the individual virtual systems and figure out the session load on each virtual system. By continuously monitoring the virtual systems, the super administrator can easily identify the virtual system that is overloaded and further investigate the real reason behind such overload. The PanVirtualSysTest test helps administrators to continuously monitor the session load on the virtual systems.

For each virtual system configured on the Palo Alto Firewall, this test reports the number of active sessions that are active on the virtual system and the percentage of sessions utilized. This test provides administrators effective pointers on the current session load on the virtual systems and identify overloaded virtual systems, if any.

Outputs of the test : One set of results for each virtual system configured on the target firewall being monitored.

Measurement	Description	Measurement Unit	Interpretation
Active_sessions	Indicates number of sessions that are active on this virtual system.	Number	This measure is a good indicator of the session load on the virtual system. Compare the value of this measure across virtual systems to identify the virtual system that is constantly overloaded.
Session_utilization	Indicates the percentage of utilization of session on this virtual system.	Percentage	A high value for this measure is an indication of overload condition on the virtual system.