Traffic Flow and Virtual Systems
Traffic can be directed to virtual systems based on virtual wire configuration or VLAN for Layer 2 and Layer 3 deployments. Software elements called virtual routers – part of PAN-OS® running on the physical firewall – control how traffic flows in, out, and between virtual systems.
Inter-virtual system traffic can be controlled by policy, subject to the firewall policies of the virtual systems involved. This allows for use cases like network segmentation, with firewall protections available for allowed network traffic between virtual system-defined segments.