Shut Down Virtual Device WAN/Management Interface

Network Edge users can shut down the WAN interface on specific virtual device (VNF) types. One use case is completely segregating virtual devices (VNFs) from the Internet. This topic lists the virtual device vendors and product models that support WAN interface shutdown from the virtual device level configuration.

Note: The VNF interface is shut down at the virtual device interface configuration level. This is different from traffic control using the Primary Access Control List. You may disable the Primary Access Control List for a given virtual device, but some bootstrap and service communications are still allowed (including DNS services, SD-WAN controller management, and licensing server communications).

SD-WAN device types do not support WAN interface shutdown because the WAN interface is used to communicate with the SD-WAN Controller. The configuration required to shut down the interface can be found in each vendor's product documentation.

| Vendor Name | Device Type | Model | Interface Shutdown Support | Interface Name | Comments |
|---|---|---|---|---|---|
| Aruba | SD-WAN | EdgeConnect | No | wan0 | |
| CheckPoint | Firewall | CloudGuard | P | ethX | WAN interface is used for: communication with SMS Server; NTP; software update; VPN tunnel. |
| Cisco | Router | CSR1000v | P | GigabitEthernetX | CSR1000v Permanent License Reservation (PLR) through offline method should be used. |
| Cisco | Router | Catalyst 8000v | P | GigabitEthernetX | License Reservation through offline method should be used. |
| Cisco | SD-WAN | CSR1000v | No | GigabitEthernetX | |
| Cisco | Firewall | ASAv | P | GigabitEthernet0/X | ASAv Permanent License Reservation (PLR) through offline method should be used. |
| Cisco | Firewall | FTDv | No | GigabitEthernet0/X | Mgmt / WAN interface is used to communicate with the licensing server and for software and security updates. |
| F5 NGINX | LoadBalancer | NGINX Plus | No | ens3 | WAN interface is used for: management access (monitoring via HTTP/S); configuration. |
| Fortinet | Firewall | FortiGate | No | PortX | Fortinet Firewall uses the WAN interface to communicate with the license server. |
| Fortinet | SD-WAN | FortiGate | No | PortX | |
| Juniper | Firewall | vSRX | P | ge-0/0/X | |
| Juniper | SD-WAN | vSRX SD-WAN | No | ge-0/0/X | |
| Palo Alto | Firewall | VM Series | P | ethernet1/X | WAN interface is used to communicate with the licensing server and for software and security updates. Ensure the BYOC interface can be used to perform updates before shutting down the interface. After the device is licensed, the WAN interface can be shut down. All security updates and software updates need to be done manually. |
| Palo Alto | SD-WAN | Prisma Virtual ION | No | Port1 | WAN interface is used to communicate with the Controller. |
| Versa | SD-WAN | FlexVNF | No | vni-0/0 | |
| VMware | SD-WAN | VMware SD-WAN | No | GE3 | |