Ensure the Cisco ENCS environment can support the VM-Series
In your Cisco SD-Branch, deploy the VM-Series Firewall
on the Cisco ENCS appliance as a VNF that provides next generation
firewall capabilities to secure your applications and users at the branch
office. You can deploy the firewall in a virtual wire, Layer 2,
or Layer 3 deployment, and in high availability configuration.
To manage the VM-Series firewall, the Panorama appliance can
be deployed on premises or in the cloud. The following topology
shows the VM-Series firewall at the branch edge.
NICs and attach them to a virtual bridge so the ENCS appliance can
steer traffic through the VM-Series firewall.
On the Cisco
ENCS appliance, the VM-Series firewall supports up to 8 dataplane
The dataplane interfaces of the VM-Series
firewall on Cisco ENCS support Virtio mode only; ENCS SR-IOV and
PCI passthrough modes are not supported.
Set up network connections for VM-Series firewall management
access. If you are using Panorama, ensure that Panorama has network
access to manage the firewall you deploy.
Python 2.7. Required on
your local machine if you are using the command line to convert.
VM-Series Firewall and Panorama Requirements
VM-Series Firewall—The VM-50
and VM-100 are recommended. The VM-300, VM-500, and VM-700 are also
supported, provided the ENCS hardware has sufficient resources that
can be assigned to the VM-Series firewall. Consult the VM-Series System Requirements to
ensure that the Cisco ENCS appliance has adequate resources to support
the VM-Series model you choose.
The VM-Series firewall on Cisco ENCS supports Packet MMAP
mode only. You must disable DPDK using one of the following methods:
From the VM-Series firewall command line, type:
set system setting dpdk-pkt-io off
If you are bootstrapping, in the
Panorama hardware or virtual appliance. While you can deploy
a single VM-Series firewall in a Cisco SD-Branch network, it
is more common to deploy firewalls in many branches and centrally
manage them with Panorama.
Panorama version 8.1.3 or later.
The version must be the same or higher than the version on your
A VM auth key generated
on Panorama. This key allows the VM-Series firewall to authenticate