This compatibility matrix shows supported switches that can be onboarded as Policy Enforcement Points (Virtual Edge Nodes) as well as switches that can host our Virtual Edge Container. The matrix also details firewalls that support integration with Elisity Cloud Control Center.
Switches That Support Hosting Virtual Edge Container
Cisco
| Model | Minimum Recommended IOS Code | Supports Hosting Virtual Edge Container |
| Catalyst 9300 Series | 17.9.4 | -png.png){kind=small} |
| Catalyst 9300L Series | 17.9.4 | |
| Catalyst 9400 Series | 17.9.4 | |
Please review the Switch Hosted Deployment Guide to learn more about SSD requirements for deploying Virtual Edge hosted by a switch.
Switches Supported as Virtual Edge Nodes for Policy Enforcement
Cisco
| Model | Minimum Recommended IOS Code |
Supported as Virtual Edge Node in any Deployment Model |
| 16.10.1 | |
|
| 16.10.1 | |
|
| 16.10.1 | |
|
| Catalyst 9300 Series | 16.10.1 | |
| Catalyst 9300L Series | 16.10.1 | |
| Catalyst 9400 Series | 16.10.1 | |
| Catalyst 9500 Series | 16.10.1 | |
| Catalyst 9600 Series | 16.10.1 |
|
| Catalyst 3850 Series | 3.07.05E |
|
|
3.07.05E |
|
|
|
17.9.4 |
|
|
|
17.9.4 |
|
Notes:
- The recommended IOS code listed for each switch in the above chart is based on Elisity's comprehensive QA testing. Older versions of code may still operate with potential caveats.
- Any switch on the list above can be onboarded to any Elisity Virtual Edge (either Hypervisor-Hosted Virtual Edge or Switch-Hosted Virtual Edge)
- Cisco StackWise Virtual is supported.
- Access switches at the edge are typically onboarded as Virtual Edge Nodes (policy enforcement points), however some environments may not have supported access switches at the edge. This does not preclude you from leveraging Elisity Identity based Microsegmentation since enforcement can happen at the aggregation layer as well so long as the aggregation switches are found as a supported platform in the chart above. See this guide for design details.
Arista
Notes:
- Please refer to the Onboarding Arista Switches as a Virtual Edge Node article for caveats.
Juniper
Notes:
- Please refer to the Onboarding Juniper EX4400 (via Juniper Mist) article for caveats regarding onboarding via Juniper Mist.
- Please refer to the Onboarding Juniper EX4400 (Direct Switch Integration) article for caveats regarding onboarding switches directly as a Virtual Edge Nodes.
HPE Aruba
| Model | Min HPE Code |
Supported as Virtual Edge Node in any Deployment Model |
|
10.11+ |
Only Virtual Edge VM Deployment Model | |
|
10.11+ |
Only Virtual Edge VM Deployment Model | |
|
10.11+ |
Only Virtual Edge VM Deployment Model |
Hirschmann
| Model | Min Hirschmann Code |
Supported as Virtual Edge Node in any Deployment Model |
| OS2x |
Octopus 2 |
Only Virtual Edge VM Deployment Model |
Firewalls Supporting Integration with Cloud Control Center
Palo Alto Networks
| Model | Minimum Recommended PAN-OS Code |
| Palo Alto Networks VM Series | 10.2+ |
| Palo Alto Networks NGFW | 10.2+ |
| Palo Alto Panorama | 10.2+ |
Notes:
- Please refer to the Palo Alto Networks Firewall Integration - Policy Group Derived Dynamic Address Groups (DAG) article for more information.