Shut Down Virtual Device WAN/Management Interface
Network Edge users can shut down the WAN interface on specific virtual device (VNF) types. Use case includes a way to completely segregate Virtual Devices (VNFs) from the Internet. This topic provides a list of virtual device vendors and product models that support WAN interface shutdown from the virtual device level configuration.
Shutdown of the VNF interface is at the virtual device interface configuration level. This is different from traffic control using Primary Access Control List. You may disable Primary Access Control List for a given virtual device, but some bootstrap and service communications are still allowed (including DNS services, SD-WAN controller management, and licensing server communications).
SD-WAN device types do not support WAN Interface shutdown as it is used to communicate with the SD-WAN Controller. The configuration required to shut down the interface can be found in the respective product documentation from each vendor.
| Vendor Name | Device Type | Model | Interface Shutdown Support | Interface Name | Comments |
|---|---|---|---|---|---|
| Aruba | SD-WAN | EdgeConnect | No | wan0 | |
| CheckPoint | Firewall | CloudGuard | P | ethX | WAN Interface is used for: Communication with SMS Server NTP Software Update VPN Tunnel |
| Cisco | Router | CSR1000v | P | GigabitEthernetX | CSR1000v Permanent License Reservation (PLR) through offline method should be used. |
| Router | Catalyst 8000v | P | GigabitEthernetX | License Reservation through offline method should be used. | |
| SD-WAN | CSR1000v | No | GigabitEthernetX | ||
| Firewall | ASAv | P | GigabitEthernet0/X | ASAv Permanent License Reservation (PLR) through offline method should be used. | |
| Firewall | FTDv | No | GigabitEthernet0/X | Mgmt / WAN Interface is used to communicate with licensing server and software / security update purpose. | |
| F5 NGINX | LoadBalancer | NGiNX Plus | No | ens3 | WAN Interface is used for: Management Access (Monitoring via HTTP / s ) Configuration |
| Fortinet | Firewall | FortiGate | No | PortX | Fortinet Firewall uses WAN interface to communicate with the license server. |
| SD-WAN | FortiGate | No | PortX | ||
| Juniper | Firewall | vSRX | P | ge-0/0/X | |
| SD-WAN | vSRX SD-WAN | No | ge-0/0/X | ||
| Palo Alto | Firewall | VM Series | P | ethernet1/X | WAN Interface is used to communicate with licensing server and software / security update purpose. Ensure BYOC interface can be used to perform update before shutting down the interface. After the device is licensed, WAN interface can be shutdown. All the security updates and software updates needs to be done manually. |
| SD-WAN | Prisma Virtual ION | No | Port1 | WAN Interface is used to communicate with the Controller . | |
| Versa | SD-WAN | FlexVNF | No | vni-0/0 | |
| VMWare | SD-WAN | VMWare SD-WAN | No | GE3 |