Filter

Expand All | Collapse All

VM-Series Firewall Docs

Activation & Onboarding
Getting Started
Upgrade
Deployment
Select a Document
- Public Cloud
- Private Cloud

Focus

VM-Series

VM-Series on KVM—Requirements and Prerequisites

Table of Contents

VM-Series Firewall on KVM

Prepare the Linux Server

VM-Series on KVM—Requirements and Prerequisites

Learn what's required to deploy the VM-Series firewall on KVM.

Where Can I Use This?	What Do I Need?
KVM	VM-Series Firewall License (BYOL) Panorama VM-Series plugin

Requirements	Description
Hardware Resources	See VM-Series System Requirements for the minimum hardware requirements for your VM-Series model.
Software Versions	See the supported KVM software versions in the Compatibility Matrix. VM-Series firewall now supports ARM-based instances on KVM hypervisor for private clouds. All features that were available in x86 environments are now extended to ARM-based instances including hypervisor support, DPDK that provide better performance, while reducing the operational (OPEX) costs, power consumption, and footprints. ARM architecture support is currently available on KVM as Software NGFW credits
SR-IOV Drivers	See PacketMMAP Driver Versions drivers in the Compatibility Matrix.
DPDK Drivers	See DPDK Driver Versions in the Compatibility Matrix. If you use one of the supported NIC drivers on VM-Series on KVM, DPDK is enabled by default.
Network Interfaces—Network Interface Cards and Software Bridges	The VM-Series on KVM supports a total of 25 interfaces — 1 management interface and a maximum of 24 network interfaces for data traffic. VM-Series deployed on KVM supports software-based virtual switches such as the Linux bridge or the Open vSwitch bridge, and direct connectivity to PCI pass-through or an SR-IOV capable adapter. If you plan to establish connectivity using PCI-pass-through or SR-IOV, you can’t configure a vSwitch on the physical port used for SR-IOV or PCI-pass-through. To communicate with the host and other virtual machines on the network, the VM-Series firewall must have exclusive access to the physical port and associated virtual functions (VFs) on that interface. On the Linux bridge and OVS, the e1000 and Virtio drivers are supported; the default driver rtl8139 isn’t supported. For PCI pass-through/SR-IOV support, the VM-Series firewall has been tested for the following network cards: Intel 82576 based 1G NIC: SR-IOV support on all supported Linux distributions; PCI-pass-through support. Intel 82599 based 10G NIC: SR-IOV support on all supported Linux distributions; PCI-pass-through support. Intel 82598 based 10G NIC: SR-IOV support on all supported Linux distributions; PCI-passthrough support. Intel X710 NIC: SR-IOV support on all supported Linux distributions; PCI-pass-through support Intel X722 10G NIC: SR-IOV support on all supported Linux distributions; PCI-pass-through support Intel E810: SR-IOV support on all supported Linux distributions; DPDK support, PCI-passthrough support. Intel E822 100G NIC: SR-IOV support on all supported Linux distribution. Intel E823 100G NIC: SR-IOV support on all supported Linux distribution. Broadcom 57112 and 578xx based 10G NIC: SR-IOV support on all supported Linux distributions; No PCI-pass-through support. Bluefield 2 and Bluefield 3 100G NIC: SR-IOV support on all supported Linux distributions. Mellanox ConnectX5 10G/25G/50G/100G NIC: SR-IOV support on all supported Linux distributions. Mellanox ConnectX6 10G/25G/50G/100G NIC: SR-IOV support on all supported Linux distributions. Refer to PacketMMAP Driver Versions in the Compatibility Matrix SR-IOV capable interfaces assigned to the VM-Series firewall, must be configured as Layer 3 interfaces or as HA interfaces. For ARM, the VM-Series firewall has been tested for Mellanox, Intel I350 Gigabit NIC, X710, 10G, and 40G network cards.

VM-Series Firewall on KVM

Prepare the Linux Server