[FW]resource-class r1
[FW-resource-class-r1]resource-item-limit session reserved-number 500 maximum
1000
[FW]display resource global-resource
[FW]switch vs
[FW]switch vsys vsysb
<FW-vsysb>sys
[FW-vsysb]int g1/0/2
[FW-vsysb-GigabitEthernet1/0/2]ip add 10.3.1.254 24
[FW-vsysb-GigabitEthernet1/0/2]q
[FW-vsysb]int Virtual-if 2
[FW-vsysb-Virtual-if2]ip add 172.16.2.1 24
[FW-vsysb-Virtual-if2]q
[FW-vsysb]firewall zone trust
[FW-vsysb-zone-trust]add int g1/0/2
[FW-vsysb-zone-trust]q
[FW-vsysb]firewall zone untrust
[FW-vsysb-zone-untrust]add int Virtual-if 2
[FW-vsysc]int g1/0/3
[FW-vsysc-GigabitEthernet1/0/3]ip add 10.3.2.254 24
[FW-vsysc-GigabitEthernet1/0/3]q
[FW-vsysc]int Virtual-if 3
[FW-vsysc-Virtual-if3]ip add 172.16.3.1 24
[FW-vsysc-Virtual-if3]q
[FW-vsysc]firewall zone trust
[FW-vsysc-zone-trust]add int g1/0/3
[FW-vsysc-zone-trust]q
[FW-vsysc]firewall zone untrust
[FW-vsysc-zone-untrust]add int Virtual-if 3
[FW-vsysc-zone-untrust]q
[FW-vsysc]ip route-static 0.0.0.0 0 public
[FW-vsysc]security-policy
[FW-vsysc-policy-security]rule name to_internet
[FW-vsysc-policy-security-rule-to_internet]source-zone trust
[FW-vsysc-policy-security-rule-to_internet]destination-zone untrust
[FW-vsysc-policy-security-rule-to_internet]source-address 10.3.2.0 24
[FW-vsysc-policy-security-rule-to_internet]action permit