Enabling Communication Between Virtual Systems

This section describes how to configure routes and security policies for the communication between two virtual systems.

Context

To enable the communication between two virtual systems, you need to correctly configure the routes and security policies on the two virtual systems, just as on two physical devices.

Before the configuration, you are advised to read Communication Between Two Virtual Systems and learn about the mechanism for the communication between two virtual systems.

As shown in Figure 1, users in vsysa need to access the server in vsysb. The following configurations must be completed in vsysa, vsysb, and the root system.

Figure 1 Communication between virtual systems

The preceding configuration allows only the unidirectional communication from vsysa to vsysb.

If hosts in vsysb need to access hosts in vsysa, you must configure the routes and security policies from vsysb to vsysa.

Procedure

  1. Configure the routes for the communication between vsysa and vsysb on the public system.
    1. Select public in the Virtual System drop-down list at the upper right corner of the page to access the public system.
    2. Choose Network > Route > Static Route.
    3. Click Add and configure a static route to vsysb as follows:

      Protocol Type: IPv4
      Source Virtual Router: vsysa
      Destination Address/Mask: 10.3.1.0/255.255.255.0
      Destination Virtual Router: vsysb
      Next Hop: -
      Interface: -

      In this example, only users in vsysa need to access the server in vsysb. Therefore, you only need to configure the unidirectional route from vsysa to vsysb. The reply packets from the server will match the session table of vsysb and be directly forwarded to vsysa. This configuration is different from the route configuration for forwarding within one virtual system.

      If users in vsysb need to access hosts in vsysa, you must configure a static route from vsysb to vsysa. Set Source Virtual Router of the route to vsysb, Destination Address/Mask to 10.3.0.0/24, and Destination Virtual Router to vsysa.

    4. Click OK.
    5. Choose Network > Interface.
    6. Click the icon next to the Virtual-if0 interface, set an IP address, and add the interface to the Trust zone. The IP address can be any value as long as it does not conflict with the IP address on any other interface.
    7. Click OK.
  2. Configure security policies on vsysa.
    1. Select vsysa in the Virtual System drop-down list at the upper right corner of the page to access vsysa.
    2. Choose Network > Interface.
    3. Click the icon next to the Virtual-if1 interface, set an IP address, and add the interface to the Untrust zone. The IP address can be any value as long as it does not conflict with the IP address on any other interface.

      The ID of a virtual interface is automatically assigned based on existing IDs in the system. Therefore, in actual configurations, the interface might not be Virtual-if1. You can view the mapping between the virtual system and virtual interface in Interface List.

    4. Click OK.
    5. Choose Policy > Security Policy > Security Policy.
    6. Click Add Security Policy and configure a security policy as follows:

      Name: to_server
      Source Zone: trust
      Destination Zone: untrust
      Source Address/Region: 10.3.0.0/24
      Destination Address/Region: 10.3.1.3/32
      Action: Permit

    7. Click OK.
  3. Configure security policies on vsysb.
    1. Select vsysb in the Virtual System drop-down list at the upper right corner of the page to access vsysb.
    2. Choose Network > Interface.
    3. Click the icon next to the Virtual-if2 interface, set an IP address, and add the interface to the Untrust zone. The IP address can be any value as long as it does not conflict with the IP address on any other interface.
    4. Click OK.
    5. Choose Policy > Security Policy > Security Policy.
    6. Click Add Security Policy and configure a security policy as follows:

      Name: vsysa_to_server
      Source Zone: untrust
      Destination Zone: trust
      Source Address/Region: 10.3.0.0/24
      Destination Address/Region: 10.3.1.3/32
      Action: Permit

    7. Click OK.
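
The following added example (not part of the original page and not the firewall's own logic) models the route and the two security policies configured above, so you can check which new sessions the finished configuration admits before relying on it. It assumes first-match policy evaluation with an implicit deny when nothing matches, and it covers new sessions only, not reply packets that match an existing session table entry; all function names are hypothetical.

```python
import ipaddress

# Constructed model of the page's example values; a simplification, not the device's code.
# Inter-vsys static routes on the public system: (source vsys, destination prefix, destination vsys).
ROUTES = [("vsysa", ipaddress.ip_network("10.3.1.0/255.255.255.0"), "vsysb")]

# Security policies per virtual system: (name, src zone, dst zone, src net, dst net, action).
POLICIES = {
    "vsysa": [("to_server", "trust", "untrust", "10.3.0.0/24", "10.3.1.3/32", "permit")],
    "vsysb": [("vsysa_to_server", "untrust", "trust", "10.3.0.0/24", "10.3.1.3/32", "permit")],
}

def route_lookup(src_vsys, dst_ip):
    """Return the destination vsys for dst_ip, or None if no inter-vsys route exists."""
    for vsys, prefix, dst_vsys in ROUTES:
        if vsys == src_vsys and ipaddress.ip_address(dst_ip) in prefix:
            return dst_vsys
    return None

def policy_permits(vsys, src_zone, dst_zone, src_ip, dst_ip):
    """First matching policy decides; no match means implicit deny (assumed default)."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for _name, sz, dz, snet, dnet, action in POLICIES.get(vsys, []):
        if (sz, dz) == (src_zone, dst_zone) and src in ipaddress.ip_network(snet) \
                and dst in ipaddress.ip_network(dnet):
            return action == "permit"
    return False

def new_session_allowed(src_vsys, src_ip, dst_ip):
    """Check a new session: route, egress policy in the source vsys, ingress policy in the peer."""
    dst_vsys = route_lookup(src_vsys, dst_ip)
    if dst_vsys is None:
        return False, "no inter-vsys route"
    # Hosts sit in trust; the virtual interface of each vsys is in untrust (as on the page).
    if not policy_permits(src_vsys, "trust", "untrust", src_ip, dst_ip):
        return False, f"denied by {src_vsys} policy"
    if not policy_permits(dst_vsys, "untrust", "trust", src_ip, dst_ip):
        return False, f"denied by {dst_vsys} policy"
    return True, "permitted"

if __name__ == "__main__":
    for case in [("vsysa", "10.3.0.10", "10.3.1.3"),   # user to server
                 ("vsysa", "10.3.0.10", "10.3.1.4"),   # routed, but not the permitted host
                 ("vsysa", "10.3.1.50", "10.3.1.3"),   # source outside 10.3.0.0/24
                 ("vsysb", "10.3.1.3", "10.3.0.10")]:  # reverse direction, new session
        print(case, new_session_allowed(*case))
```

The second case shows that the route covers all of 10.3.1.0/24 while the policies admit only 10.3.1.3/32, so the policies, not the route, are what limit exposure of vsysb.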
Copyright © Huawei Technologies Co., Ltd.