关闭虚拟设备广域网/管理接口

网络边缘用户可以关闭特定虚拟设备 (VNF) 类型的 WAN 接口。此用例提供了一种将虚拟设备 (VNF) 与 Internet 完全隔离的方法。本主题提供了支持从虚拟设备级别配置关闭 WAN 接口的虚拟设备供应商和产品型号列表。

注意

VNF接口的关闭是在虚拟设备接口配置级别进行的。这与使用主访问控制列表（PAC）进行流量控制不同。您可以为特定虚拟设备禁用PAC，但仍允许某些引导和服务通信（包括DNS服务、SD-WAN控制器管理和许可服务器通信）。

SD-WAN 设备类型不支持关闭 WAN 接口，因为该接口用于与 SD-WAN 控制器通信。关闭该接口所需的配置信息可在各厂商提供的产品文档中找到。

Vendor Name	Device Type	Model	Interface Shutdown Support	Interface Name	Comments
Arista	SD-WAN	VeloCloud SD-WAN Edge	No	GE3
Aruba	SD-WAN	EdgeConnect	No	wan0
CheckPoint	Firewall	CloudGuard	P	ethX	WAN Interface is used for: Communication with SMS Server NTP Software Update VPN Tunnel
Cisco	Router	CSR1000v	P	GigabitEthernetX	CSR1000v Permanent License Reservation (PLR) through offline method should be used.
Router	Catalyst 8000v	P	GigabitEthernetX	License Reservation through offline method should be used.
SD-WAN	CSR1000v	No	GigabitEthernetX
Firewall	ASAv	P	GigabitEthernet0/X	ASAv Permanent License Reservation (PLR) through offline method should be used.
Firewall	FTDv	No	GigabitEthernet0/X	Mgmt / WAN Interface is used to communicate with licensing server and software / security update purpose.
F5 NGINX	LoadBalancer	NGiNX Plus	No	ens3	WAN Interface is used for: Management Access (Monitoring via HTTP / s ) Configuration
Fortinet	Firewall	FortiGate	No	PortX	Fortinet Firewall uses WAN interface to communicate with the license server.
SD-WAN	FortiGate	No	PortX
Juniper	Firewall	vSRX	P	ge-0/0/X
SD-WAN	vSRX SD-WAN	No	ge-0/0/X
Palo Alto	Firewall	VM Series	P	ethernet1/X	WAN Interface is used to communicate with licensing server and software / security update purpose. Ensure BYOC interface can be used to perform update before shutting down the interface. After the device is licensed, WAN interface can be shutdown. All the security updates and software updates needs to be done manually.
SD-WAN	Prisma Virtual ION	No	Port1	WAN Interface is used to communicate with the Controller .
Versa	SD-WAN	FlexVNF	No	vni-0/0