Ensure the Cisco ENCS environment can support the VM-Series
In your Cisco SD-Branch, deploy the VM-Series Firewall
on the Cisco ENCS appliance as a VNF that provides next generation
firewall capabilities to secure your applications and users at the
branch office. You can deploy the firewall in a virtual wire, Layer
2, or Layer 3 deployment, and in high availability configuration.
To manage the VM-Series firewall, the Panorama appliance can
be deployed on premises or in the cloud. The following topology
shows the VM-Series firewall at the branch edge.
NICs and attach them to a virtual bridge so the ENCS appliance can steer
traffic through the VM-Series firewall.
On the Cisco ENCS
appliance, the VM-Series firewall supports up to 8 dataplane interfaces.
dataplane interfaces of the VM-Series firewall on Cisco ENCS support
Virtio mode only; ENCS SR-IOV and PCI passthrough modes are not
Set up network connections for VM-Series firewall management
access. If you are using Panorama, ensure that Panorama has network
access to manage the firewall you deploy.
Python 2.7. Required on
your local machine if you are using the command line to convert.
VM-Series Firewall and Panorama Requirements
VM-Series Firewall—The VM-50
and VM-100 are recommended. The VM-300, VM-500, and VM-700 are also
supported, provided the ENCS hardware has sufficient resources that
can be assigned to the VM-Series firewall. Consult the VM-Series System Requirements to ensure that
the Cisco ENCS appliance has adequate resources to support the VM-Series
model you choose.
VM-Series firewall capacity license and subscription auth
codes that meet your requirements. See VM-Series Model License Types. You enter
auth codes in the NFVIS user interface, or include the auth codes
With PAN-OS 9.1, the VM-Series firewall on Cisco ENCS supports
Virtio with DPDK mode enabled by default.
Panorama hardware or virtual appliance. While you can deploy
a single VM-Series firewall in a Cisco SD-Branch network, it
is more common to deploy firewalls in many branches and centrally
manage them with Panorama.
Panorama version 9.1 or later.
The version must be the same or higher than the version on your
A VM auth key generated
on Panorama. This key allows the VM-Series firewall to authenticate