Cisco VNFs Specifications
Cisco Licensing
The following table details the licensing types available on Network Edge for Cisco VNFs.
VNF Type | BYOL | Subscription |
---|---|---|
ASAv Firewall | Yes | No |
FTD Virtual | Yes | No |
Support
The following table indicates support responsibility for Equinix and Cisco for your Cisco VNF.
License Type | Equinix | Cisco |
---|---|---|
BYOL | Equinix supports Network Edge infrastructure specific topics, including VNF operation, license registration, connectivity issues, Network Edge service issues, etc. | Support needs to be purchased from your Cisco reseller along with the license. Contact Cisco directly for support. |
Subscription | Equinix supports Network Edge infrastructure specific topics, including VNF operation, license registration, connectivity issues, Network Edge service issues, etc. | Open a Cisco TAC case in the Network Edge portal ONLY for IOS-XE related issues or configuration questions. Work directly with Cisco TAC without Equinix engagement. |
For the BYOL option, you are responsible for obtaining Cisco support from Cisco or their partners. Contact a Cisco sales representative or partner to purchase a license and support contract.
Cisco Adaptive Security Virtual Appliance
- Cisco Adaptive Security Virtual Appliance (ASAv) Data Sheet.
- Cisco Secure Firewall ASA Series Feature Licenses.
- Cisco ASA Series, 9.16(x) Release Notes.
| | Small | Medium | Large |
---|---|---|---|
CPU | 2 Cores | 4 Cores | 8 Cores |
Memory | 4 GB | 8 GB | 16 GB |
Software Package | ASAv10 | ASAv10, ASAv30 | ASAv10, ASAv30, ASAv50 |
Virtual Data Interfaces Supported (Default/Max) | 10 / 10 | | |
System Reserved Interfaces | Management 0/0 (MGMT), GigabitEthernet 0/1 (WAN) | | |
Available License Type | BYOL | | |
Access Methods | SSH (CLI), HTTPS (Web Console) | | |
Image Version | See Available Image Versions | | |
Restricted CLI Commands | None (self-configured) | | |
Deployment Option | Single, Redundant | | |
Cisco Threat Defense Virtual Firewall
- Cisco Threat Defense Virtual (Formerly FTDv/NGFWv) Data Sheet.
- Cisco Secure Firewall Management Center Feature Licenses.
- Cisco Firepower Version 7.0 Release Notes.
| | Small | Medium | Large |
---|---|---|---|
CPU | 4 Cores | 8 Cores | 12 Cores |
Memory | 8 GB | 16 GB | 24 GB |
Software Package | FTDv5, FTDv10, FTDv20 | FTDv30 | FTDv50 |
Virtual Data Interfaces Supported (Default/Max) | 10 / 10 | | |
System Reserved Interfaces | Web-based Management (FMC, FDM or CDO) | | |
Available License Type | BYOL | | |
Access Methods | SSH (CLI), HTTPS (Web Console) | | |
Image Version | See Available Image Versions | | |
Restricted CLI Commands | None (self-configured) | | |
Deployment Option | Single, Redundant | | |
Creating Threat Defense Virtual Firewall (Self-Configured) Devices
When configuring your device details, you will specify the following:
- Cluster Name – If you are creating a cluster, give your cluster a name.
- Device Name – Enter a name for the device. If you are creating more than a single device, -Node 0 is appended to the primary node and -Node 1 is appended to the secondary node after the device name.
- Device Management – Select your device management type from the following:
  - Firewall Management Center (FMC) – Enter the FMC’s IP Address as the Controller IP Address, and the Registration Key. The registration key is used to register the device to the FMC.
  - Firepower Device Manager (FDM)
  - Cisco Defense Orchestrator (CDO)
- Connectivity Type – This feature is available for the Cisco Threat Defense Virtual Firewall VNF. It lets you choose whether or not to include a virtual interface with a Public IP address from Equinix. This helps in cases where a VNF needs to be separated from the Internet: you can manage virtual devices from your private network or virtual connection, not from the Internet.
Note: The Connectivity Type option is only available when provisioning a new device. This option can’t be enabled for devices provisioned before the 2023.4 release.
The following table summarizes connectivity type options and the difference between the two options.
Connectivity Type | With Equinix Public IP Address | Without Equinix Public IP Address |
---|---|---|
Use Cases | This option comes with Public IP Addresses from Equinix and does not require an additional Virtual Connection to manage the virtual device. | This option removes Equinix-sourced Public IP Address assignment and will segregate the VNF from the Internet after the device creation. If the device needs to be managed by software running in the Colo cage or through a private virtual connection, this option is recommended. |
Internet Connectivity | Public IP addresses from Equinix are assigned to the following interfaces and accessible from the Internet: Management (MGMT), Ethernet 1/1 (WAN) | No public IP Address from Equinix included. This option requires a separate virtual connection from your Network Service Provider (NSP) or Internet Service Provider (ISP). See [Bring Your Own Connection - Remote Fabric Port](../Reference Architecture/NE-BYOC-remote-port.htm) for more information. |
Access Control List | Create an Access Control List (ACL) to limit traffic to the VNF Management (MGMT) or WAN interface. | The ACL option is not available. Additional compensating controls can be implemented for traffic from any private virtual connection. |
SSH Access | Unlike the other VNF types, we do not provide username and RSA Public Key configuration settings for SSH access during the device creation workflow. Use console access from the device details page. | Unlike the other VNF types, we do not provide username and RSA Public Key configuration settings for SSH access during the device creation workflow. Use console access from the device details page. |
Device Manageability | During device creation, select the management type: FMC, FDM, or CDO. If you select FMC, you need to provide the FMC’s IP Address and Registration Key. | A virtual connection (via the BYOC option) must first be assigned to the Management (MGMT) interface for FMC, FDM or CDO access. If you select FMC, you need to provide the FMC’s IP Address and Registration Key. |
License Registration | Manually register the license after the device is created. | Manually register the license after the device is created. You are responsible for registering the license using Internet access through a private virtual connection. |
Clustering Setup | The cluster option is not available for this connectivity type. | Users are required to configure cluster devices manually. |

When the connectivity type Without Equinix Public IP Address is selected, the VNF is provisioned without a public IP Address on the WAN or Management interface. You are responsible for configuring the license registration, overlay network configuration, and clustering (optional).
The following is an example (reference only) command for management interface setup.
configure network ipv4 manual <IP Address> <Mask> <Default Gateway>
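
A pre-check for the reference command above, added here as an example and not part of the Equinix or Cisco documentation: it validates the three parameters before they are typed at the console, since a wrong mask or gateway on a device with no public IP address leaves it reachable only through that console. The function name `mgmt_ipv4_command`, the requirement that the management address be RFC 1918 space, and the sample addresses are assumptions of this example.

```python
import ipaddress

# RFC 1918 ranges. Assumption of this example: a device created "Without Equinix
# Public IP Address" is managed only over private addressing.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def mgmt_ipv4_command(address: str, gateway: str) -> str:
    """Validate management addressing; return the CLI line in the page's format.

    address is "ip/prefix" or "ip/netmask"; gateway is a dotted IPv4 address.
    Raises ValueError on anything that would leave the interface unreachable.
    """
    iface = ipaddress.ip_interface(address)
    if iface.version != 4:
        raise ValueError("the command configures IPv4 only")
    gw = ipaddress.IPv4Address(gateway)
    net = iface.network
    if net.prefixlen > 30:
        raise ValueError(f"{net} has no room for a host and a gateway")
    reserved = (net.network_address, net.broadcast_address)
    if iface.ip in reserved:
        raise ValueError(f"{iface.ip} is the network or broadcast address of {net}")
    if gw not in net or gw in reserved:
        raise ValueError(f"gateway {gw} is not a usable host address in {net}")
    if gw == iface.ip:
        raise ValueError("gateway and management address are identical")
    if not any(iface.ip in r for r in RFC1918):
        raise ValueError(f"{iface.ip} is not private (RFC 1918) address space")
    # The CLI takes a dotted netmask, not a prefix length.
    return f"configure network ipv4 manual {iface.ip} {net.netmask} {gw}"


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    print(mgmt_ipv4_command("10.20.30.5/24", "10.20.30.1"))
```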