关闭虚拟设备WAN/管理接口

Network Edge用户可以关闭特定虚拟设备 (VNF) 类型上的 WAN 接口。用例包括一种将虚拟设备 (VNF) 与互联网完全隔离的方法。本主题提供了支持从虚拟设备级别配置关闭 WAN 接口的虚拟设备供应商和产品型号的列表。

注意

VNF 接口的关闭是在虚拟设备接口配置级别进行的。这与使用主访问控制列表 (PRCL) 进行流量控制不同。您可以为给定的虚拟设备禁用 PRCL，但某些引导和服务通信仍然被允许（包括 DNS 服务、SD-WAN 控制器管理和许可服务器通信）。

SD-WAN 设备类型不支持 WAN 接口关闭，因为它用于与 SD-WAN 控制器通信。关闭接口所需的配置可以在各个供应商的相应产品文档中找到。

Vendor Name	Device Type	Model	Interface Shutdown Support	Interface Name	Comments
Arista	SD-WAN	VeloCloud SD-WAN Edge	No	GE3
Aruba	SD-WAN	EdgeConnect	No	wan0
CheckPoint	Firewall	CloudGuard	P	ethX	WAN Interface is used for: Communication with SMS Server NTP Software Update VPN Tunnel
Cisco	Router	CSR1000v	P	GigabitEthernetX	CSR1000v Permanent License Reservation (PLR) through offline method should be used.
Router	Catalyst 8000v	P	GigabitEthernetX	License Reservation through offline method should be used.
SD-WAN	CSR1000v	No	GigabitEthernetX
Firewall	ASAv	P	GigabitEthernet0/X	ASAv Permanent License Reservation (PLR) through offline method should be used.
Firewall	FTDv	No	GigabitEthernet0/X	Mgmt / WAN Interface is used to communicate with licensing server and software / security update purpose.
F5 NGINX	LoadBalancer	NGiNX Plus	No	ens3	WAN Interface is used for: Management Access (Monitoring via HTTP / s ) Configuration
Fortinet	Firewall	FortiGate	No	PortX	Fortinet Firewall uses WAN interface to communicate with the license server.
SD-WAN	FortiGate	No	PortX
Juniper	Firewall	vSRX	P	ge-0/0/X
SD-WAN	vSRX SD-WAN	No	ge-0/0/X
Palo Alto	Firewall	VM Series	P	ethernet1/X	WAN Interface is used to communicate with licensing server and software / security update purpose. Ensure BYOC interface can be used to perform update before shutting down the interface. After the device is licensed, WAN interface can be shutdown. All the security updates and software updates needs to be done manually.
SD-WAN	Prisma Virtual ION	No	Port1	WAN Interface is used to communicate with the Controller .
Versa	SD-WAN	FlexVNF	No	vni-0/0