The firewall forward cross-vsys command configures the communication mode of virtual systems.
| Parameter | Description | Value |
|---|---|---|
| normal | Indicates the normal communication mode. | - |
| extended | Indicates the extended communication mode. | - |
Application scenario
The default communication mode of virtual systems is the normal mode, which supports only direct communication between two virtual systems through route and policy configurations (vsysa -> vsysb). Each packet can go through cross-virtual system forwarding only once and will be discarded if it passes through over two virtual systems.
In extended mode, the device introduces the concept of shared virtual system (Shared-vsys). A shared virtual system in extended mode is created on the FW for routing, which helps implement communication between two virtual systems across Shared-vsys (vsysa -> Shared-vsys -> vsysb). Packets between the two virtual systems are forwarded across Shared-vsys. Considering that the firewall forward cross-vsys extended command has been executed to set the FW communication mode to extended mode, packets from vsysa are forwarded across Shared-vsys to vsysb without being discarded. Each packet can go through cross-virtual system forwarding for a maximum of two times.
Precautions
In extended mode, each packet goes through cross-virtual system forwarding for two times, decreasing the device forwarding performance. You are advised to set the communication mode to the normal mode.