thanks for your links
i cant find any thing about difference between perpetual license vs 3/5 subscription, for example, assume i have a WAN with 10 router, i want to use Cisco ISR4431 as vEdge, which license ans subscription i should to order?
and about security, if i want to secure my WAN, i should work with 3rd party or on Cisco SD-WAN, there is security features for using?
because in essential license, Cisco wrote basic security is enable and on advantage license wrote, advance security feature is exist.
i cant find what is difference between basic and security feature in both of licenses
regards
Reza

SD-WAN licences are subscription based. The perpetual license cannot be used for SD-WAN. If you want to use ISR4431 as SD-WAN WAN edge you need to buy a subscription license. You choose a valid license based on features, required bandwidth and license term (3/5 years).

Cisco SD-WAN provides wide range of Security features. The link I provided before lists detailed security features to license tier mapping on page 16.

Dear tzarski
thanks for your reply
i see this doc more times
but my problem didn't fix, for example, would u tell me information in page 16, supplies with cisco SD-WAN or 3rd party
i know, there is an option in SD-WAN called Service chaining that we can add extra appliance for security to SD-WAN

regards
Reza

Sorry Reza, now I got your question :)

So page 16 is listing Cisco SD-WAN build-in security features.

If you want to use Cisco SD-WAN service chaining feature to direct traffic to 3rd patry security appliances you will need a DNA Advantage license.

thanks for reply
i think, i find out something now
there is many security features in SD-WAN (built-in) that no need external appliance (like as ASA, Fortinet and ...), and second type is using external appliance for security (like as ASA, Fortinet and ...) that called Service Chaining.
also if we using Service Chaining, we dont need to use upper license like Advantage or Premier

is it correct?

Dear

what does it mean: Unlimited segmentation to DNA Advantage, please help me with a example. And with Essential what is the limit of this segmentation?

 

Hi Manuel,

 

This means in Cisco DNA Essentials you can use only single service VPN (single VRF). In Cisco DNA Advantage you can use up to platform scale.

Dear Farhan
thank u very much for your explanation, was great
i should ask other question from your sentence:
1- what is different between SDWAN (or security) on Essential and advanced SDWAN (or advanced security) on Advantage?
2- what mean "you get the flexibility to consume the latest technology" ?? could you give an example?
3- "some features are available with 3/5 term license while perpetual license carry other features not available with term", could you give an example for this feature?
4- i got, i can buy Cisco one licenses (essential or advantage) that is perpetual and include all features in DNA (essential or advantage), is it correct?
5- "Network Essentials and Advantage are perpetual and not required for vEdge" this happen if i use C1? if yes, i should buy ISR 4431 with IOS-XE SDWAN and buy C1, and everything will be ok??

sorry for many questions :-(

Regards
Reza

1- what is different between SDWAN (or security) on Essential and advanced SDWAN (or advanced security) on Advantage?
Ans 1:- Basic SD-WAN security services includes:-
-L3/L4/App-Aware Firewall
-Snort IPS/IDS with Talos® signature updates
-DNS monitoring and connector for Cisco Umbrella
Advanced SD-WAN security Advantage Offers:-
-Unlimited segmentation
-URL-filtering
-Cisco Advanced Malware Protection (AMP)
-Cisco Umbrella cloud-app discovery (Umbrella Insights)
2- what mean "you get the flexibility to consume the latest technology" ?? could you give an example?
Ans 2: Flexibility to consume latest technology means, flexibility in choosing whatever you want, you can upgrade from enterprise to advantage or premier licensing whenever you grow as business right. You can choose the term 3/5 years, and you have a bandwidth choice of 10Mb/10gig. You get to use latest features, like LAB automation, SWIM, mVPN, VRF, MPLS, this is just by choosing your licenses Advantage/Essentials in Cisco ONE, with this you do not have to buy specific hardware to get these features, all these features are software centric. I guess above explanation is very crystal clear. I am not sure if you still not able to get the concept. :)
3- "some features are available with 3/5 term license while perpetual license carry other features not available with term", could you give an example for this feature?
Ans 3:- Let me make it simpler for you, perpetual means never ending or doesn't come with a end date, (Ex; Network Essentials and Advantage, please understand DNA Essentials and Advantage is not same it is term license), Now the hardware you purchase like Cat9k,Cat4500 etc will carry some features right if they are switches it will have switch features and all similar for router, So by default you will have Perpetual license when you purchase your H/W. Along with that you have to attach your software which is either DNA Essentials or Advantage which has 3,5,7 term, So you will get term license feature along with perpetual license. For example: In CCD, if you order a cold coffee i.e Devils own, it will come with coffee, Choco sauce (which is perpetual), Add-on is Whipped cream which is chargeable (Add-on is good to add as it will make the coffee much tastier). Hope that made sense :)
4- i got, i can buy Cisco one licenses (essential or advantage) that is perpetual and include all features in DNA (essential or advantage), is it correct?
Ans 4: Cisco ONE Advantage is one you should go for not essentials as support will be limited to 50 routing licenses with essentials, So, Cisco 1 Advantage is a way to go which is renamed to DNA Premier as of now. So you have to purchase that along with your hardware and you don't have to include anything, Everything will be covered with DNA Premier licensing , all routing, advanced security features which can be maximum included, Hence Premier pricing is high!
5- "Network Essentials and Advantage are perpetual and not required for vEdge" this happen if i use C1? if yes, i should buy ISR 4431 with IOS-XE SDWAN and buy C1, and everything will be ok??
Ans:- This depends how you are going to manage your SDWAN, Cloud Management with vManage is the preferred option for customers who wish to simplify WAN deployments, accelerate digital transformation, and move toward intent-based WAN. On Prem Manages WAN using Cisco DNA Center. The subscription for the Cisco vEdge platform includes entitlement for vManage On-prem. To make it simple you should or its recommended to purchase DNA Premier and choose how you want to manage ONprem/Cloud, Cloud mgmt will work with vManage. If you have old device ISR4k then add DNA advantage to it or purchase DNA Premier with ISR 4431 then you are all set, Read this whitepaper below and you will be able to set up SDWAN for your branches, Good Luck.
https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise-networks/sd-wan/white-paper-c11-741071.pdf

Thanks for your reply
thanks because of time you spent to reply to my questions

regards

Could you please clarify following. If İ would like to use SD-WAN hub and spoke IPSEC VPN Will esential license support it ?