Cisco VNFs Specifications

Cisco Licensing

The following table details the licensing types available on Network Edge for Cisco VNFs.

| VNF Type | BYOL | Subscription |
|---|---|---|
| ASAv Firewall | Yes | No |
| FTD Virtual | Yes | No |

Support

The following table indicates support responsibility for Equinix and Cisco for your Cisco VNF.

| License Type | Equinix | Cisco |
|---|---|---|
| BYOL | Equinix supports Network Edge infrastructure specific topics, including VNF operation, license registration, connectivity issues, Network Edge service issues, etc. | Support needs to be purchased from your Cisco reseller along with the license. Contact Cisco directly for support. |
| Subscription | Equinix supports Network Edge infrastructure specific topics, including VNF operation, license registration, connectivity issues, Network Edge service issues, etc. | Open a Cisco TAC case in the Network Edge portal ONLY for IOX-XE related issues or configuration questions. Work directly with Cisco TAC without Equinix engagement. |

For the BYOL option, you are responsible for obtaining Cisco support from Cisco or their partners. Contact a Cisco sales representative or partner to purchase a license and support contract.

Cisco Adaptive Security Virtual Appliance

| | Small | Medium | Large |
|---|---|---|---|
| CPU | 2 Cores | 4 Cores | 8 Cores |
| Memory | 4 GB | 8 GB | 16 GB |
| Software Package | ASAv10 | ASAv10, ASAv30 | ASAv10, ASAv30, ASAv50 |

| Specification (all sizes) | Value |
|---|---|
| Virtual Data Interfaces Supported (Default/Max) | 10 / 10 |
| System Reserved Interfaces | Management 0/0 (MGMT), GigabitEthernet 0/1 (WAN) |
| Available License Type | BYOL |
| Access Methods | SSH (CLI), HTTPS (Web Console) |
| Image Version | See Available Image Versions |
| Restricted CLI Commands | None (self-configured) |
| Deployment Option | Single, Redundant |

Cisco Threat Defense Virtual Firewall

| | Small | Medium | Large |
|---|---|---|---|
| CPU | 4 Cores | 8 Cores | 12 Cores |
| Memory | 8 GB | 16 GB | 24 GB |
| Software Package | FTDv5, FTDv10 | FTDv20, FTDv30 | FTDv50 |

| Specification (all sizes) | Value |
|---|---|
| Virtual Data Interfaces Supported (Default/Max) | 10 / 10 |
| System Reserved Interfaces | Web-based Management (FMC, FDM or CDO) |
| Available License Type | BYOL |
| Access Methods | SSH (CLI), HTTPS (Web Console) |
| Image Version | See Available Image Versions |
| Restricted CLI Commands | None (self-configured) |
| Deployment Option | Single, Redundant |

Creating Threat Defense Virtual Firewall (Self-Configured) Devices

When configuring your device details, you will specify the following:

  • Cluster Name – If you are creating a cluster, give your cluster a name.

  • Device Name – Enter a name for the device. If you are creating more than a single device, -Node 0 is appended to the primary node and -Node 1 is appended to the secondary node after the device name.

  • Device Management – Select your device management type from the following:

    • Firewall Management Center (FMC) – Enter the FMC’s IP Address as the Controller IP Address, and the Registration Key. The registration key is used to register the device to the FMC.
    • Firepower Device Manager (FDM)
    • Cisco Defense Orchestrator (CDO)
  • Connectivity Type – This feature is available for the Cisco Threat Defense Virtual Firewall VNF. It lets you choose whether or not the device includes a virtual interface with a Public IP address from Equinix. Leaving the public address out helps in cases where a VNF needs to be separated from the Internet: you manage the virtual device from your private network or a virtual connection, not from the Internet.

    Note: The Connectivity Type option is only available when provisioning a new device. This option can’t be enabled for devices provisioned before the 2023.4 release.

    The following table summarizes connectivity type options and the difference between the two options.

    | Connectivity Type | With Equinix Public IP Address | Without Equinix Public IP Address |
    |---|---|---|
    | Use Cases | This option comes with Public IP Addresses from Equinix and does not require an additional Virtual Connection to manage the virtual device. | This option removes Equinix-sourced Public IP Address assignment and will segregate the VNF from the Internet after the device creation. If the device needs to be managed by software running in the Colo cage or through a private virtual connection, this option is recommended. |
    | Internet Connectivity | Public IP addresses from Equinix are assigned to the following interfaces and accessible from the Internet: Management (MGMT), Ethernet 1/1 (WAN) | No public IP Address from Equinix included. This option requires a separate virtual connection from your Network Service Provider (NSP) or Internet Service Provider (ISP). See [Bring Your Own Connection - Remote Fabric Port](../Reference Architecture/NE-BYOC-remote-port.htm) for more information. |
    | Access Control List | Create an Access Control List (ACL) to limit traffic to the VNF Management (MGMT) or WAN interface. | The ACL option is not available. Additional compensating controls can be implemented for traffic from any private virtual connection. |
    | SSH Access | Unlike the other VNF types, we do not provide username and RSA Public Key configuration settings for SSH access during the device creation workflow. Use console access from the device details page. | Unlike the other VNF types, we do not provide username and RSA Public Key configuration settings for SSH access during the device creation workflow. Use console access from the device details page. |
    | Device Manageability | During device creation, select the management type: FMC, FDM, or CDO. If you select FMC, you need to provide the FMC’s IP Address and Registration Key. | A virtual connection (via the BYOC option) must first be assigned to the Management (MGMT) interface for FMC, FDM or CDO access. If you select FMC, you need to provide the FMC’s IP Address and Registration Key. |
    | License Registration | Manually register the license after the device is created. | Manually register the license after the device is created. You are responsible for registering the license using Internet access through a private virtual connection. |
    | Clustering Setup | The cluster option is not available for this connectivity type. | Users are required to configure cluster devices manually. |

    When the connectivity type Without Equinix Public IP Address is selected, the VNF is provisioned without a public IP Address on the WAN or Management interface. You are responsible for configuring the license registration, overlay network configuration, and clustering (optional).

    The following is an example (reference only) command for management interface setup.

    configure network ipv4 manual <IP Address> <Mask> <Default Gateway>
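
A pre-flight check for the three values that go into the command above, as an added example (not Equinix or Cisco code). The function names and the sample addresses are assumptions made for illustration; the command text is the one shown on this page.

```python
import ipaddress


def mgmt_command(ip: str, mask: str, gateway: str) -> str:
    """Validate management addressing and return the CLI line to enter.

    Accepts the mask as dotted decimal or as a prefix length and always
    emits dotted decimal. Raises ValueError when the values cannot work.
    """
    # IPv4Network rejects non-contiguous masks such as 255.0.255.0.
    net = ipaddress.IPv4Network(f"{ip}/{mask}", strict=False)
    host = ipaddress.IPv4Address(ip)
    gw = ipaddress.IPv4Address(gateway)
    reserved = (net.network_address, net.broadcast_address)

    if net.prefixlen > 30:
        raise ValueError(f"{net} has no room for a host and a gateway")
    if host in reserved:
        raise ValueError(f"{host} is the network or broadcast address of {net}")
    if gw not in net or gw in reserved:
        raise ValueError(f"gateway {gw} is not a usable address in {net}")
    if gw == host:
        raise ValueError("gateway and management IP are identical")
    return f"configure network ipv4 manual {host} {net.netmask} {gw}"


def internet_routable(ip: str) -> bool:
    """True when the address is globally routable.

    With "Without Equinix Public IP Address" the device is meant to be
    managed over a private virtual connection, so a True result here is
    worth a second look before the value is applied.
    """
    return ipaddress.IPv4Address(ip).is_global


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    sample = ("10.20.30.5", "255.255.255.0", "10.20.30.1")
    print(mgmt_command(*sample))
    print("internet routable:", internet_routable(sample[0]))
```

Running the check before typing the command on the console avoids losing management reachability to an off-subnet gateway, which on a device without a public IP address can only be corrected from console access.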