This section allows you to configure VNFs and VNF Licenses. Virtual Network Functions (VNFs) are individual network services, such as routers and firewalls, running as software-only Virtual Machine (VM) instances on generic hardware.
Procedure
- In the SD-WAN service of the Enterprise portal, go to Configure > Network Services, and then under Edge Services area, expand VNFs.
- To configure a new VNF, click New or Configure VNF option.
Note: The Configure VNF option appears only when there are no items in the table.
- Enter a name for the VNF service and select a VNF type from the drop-down list.
- Configure the settings based on the selected VNF Type.
- For the VNF type Check Point Firewall, configure the following and click Save Changes.
Option Description Primary Check Point Mgmt Server IP Enter the Check Point Smart Console IP address that must connect to the Check Point Firewall. SIC Key for Mgmt Server Access Enter the password used to register the VNF to the Check Point Smart Console. Admin Password Enter the administrator password. VNF Image Location Enter the image location from where the SASE Orchestrator must download the VNF image. Image Version Select a version of the Check Point VNF image from the drop-down list. The image version is derived from the system property edge.vnf.extraImageInfos. File Checksum Type Displays the method used to validate the VNF image and is automatically populated after you select an image version. File Checksum Displays the checksum used to validate the VNF image and is automatically populated after you select an image version. The checksum value is derived from the system property edge.vnf.extraImageInfos. Download Type Choose the type of the image. For https, enter the Username and Password. For s3, enter the Access Key ID, Secret Access Key, and choose the Region. - For the VNF type Fortinet Firewall, configure the following and click Save Changes.
Option Description Fortinet Mgmt Server IP Enter the IP address of the FortiManager to connect to the FortiGate. Fortimanager Serial Number Enter the serial number of FortiManager. Registration Password Enter the password used to register the VNF to the FortiManager. VNF Image Location Enter the image location from where the SASE Orchestrator must download the VNF image. Image Version Select a version of the Fortinet VNF image from the drop-down list. The following options are available: 6.4.0, 6.2.4, 6.0.5, 6.2.0. The image version is derived from the system property edge.vnf.extraImageInfos. File Checksum Type Displays the method used to validate the VNF image and is automatically populated after you select an image version. File Checksum Displays the checksum used to validate the VNF image and is automatically populated after you select an image version. The checksum value is derived from the system property edge.vnf.extraImageInfos. Download Type Choose the type of the image. For https, enter the Username and Password. For s3, enter the Access Key ID, Secret Access Key, and choose the Region. - For the VNF type Palo Alto Networks Firewall, configure the following and click Save Changes.
Option Description Primary Panorama IP Address Enter the primary IP address of the Panorama server. Secondary Panorama IP Address Enter the secondary IP address of the Panorama server. Panorama Auth Key Enter the authentication key configured on the Panorama server. VNF uses the Auth Key to login and communicate with Panorama.
- For the VNF type Check Point Firewall, configure the following and click Save Changes.
- After configuring Palo Alto Networks as the VNF Type, define the VNF Licenses. These licenses are applied to one or more VNF configured Edges. To configure a VNF License, click New or New VNF License option, in the VNF Licenses area.
Note: The New VNF License option appears only when there are no items in the table.
- In the VNF License Configuration window, configure the following:
Option Description Name Enter a name for the VNF license. VNF Type Select the VNF type from the drop-down list. Currently, Palo Alto Networks Firewall is the only available option. License Server API Key Enter the license key from your Palo Alto Networks account. The SASE Orchestrator uses this key to communicate with the Palo Alto Networks license server. Auth Code Enter the authorization code purchased from Palo Alto Networks. Validate License Click to validate the configuration. - Click Save Changes.
Note:
- If you want to remove the deployment of Palo Alto Networks Firewall configuration from a VNF type, ensure that you have deactivated the VNF License of Palo Alto Networks before removing the configuration.
- Starting from the 4.5 release, the use of the special character "<" in the password is no longer supported. In cases where users have already used "<" in their passwords in previous releases, they must remove it to save any changes on the page.
- The following are the other options available in the Edge Services area:
Option Description Delete Select an item and click this option to delete it. Columns Click and select the columns to be displayed or hidden on the page. Note: You can also access the New and Delete options by clicking the vertical ellipsis next to the item name in the table.