
SDWAN FW deployment

cloudlogics
Level 1

I am testing the SD-WAN firewall feature in the lab. The lab has cEdges (8Kv) at multiple sites. I am trying to test the security policy. I have a virtual FW image uploaded to vManage, and I have created a FW policy (no other features for now) and attached it to the device template for 1 site. I see that the Security policy config gets deployed to the device but the actual FW is not installed. The cEdge has 4 CPUs with 8G RAM.

SITE2#sh app-hosting list
The process for the command is not responding or is otherwise unavailable

I see the following msgs in the vManage logs:

13-Oct-2022 14:18:46,562 UTC INFO [] [AppHostingDeviceDataCollector] (device-data-collection-234) || App Hosting is deleted/doesn't exist on end device-10.255.0.4. Settings availableServices as empty in devicenode
13-Oct-2022 14:18:46,562 UTC INFO [] [AppHostingDeviceDataCollector] (device-data-collection-234) || Updating device node with App Hosting's InstalledServiceInfo InstalledServiceInfo [nfType=app-hosting, nfvType=N/A, state=UNINSTALLED, version= N/A] for device-10.255.0.4


   


akoukis
Level 1

Hello,

For ZBFW you don't need a Security Virtual Image; you need it for IPS, URL Filtering and for AWP.

https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/security/ios-xe-17/security-book-xe/security-overview.html#id_118808

If you want to use the UTD, you have to configure at least one of the IPS, URL Filtering and AWP; then on the Device Template with Security Policy you will see the Container Profile.


Also keep in mind that it is suggested that the UTD version match the IOS-XE version.

Best Regards

Anestis

 

 

 
