Comparing the SD-WAN Licensing Needs of Major Vendors

Comparing the SD-WAN Licensing Needs of Major Vendors

With more enterprises adopting SD-WAN technology, SD-WAN vendor support can be a key to success. We break down the licensing of five major SD-WAN vendors.

As Megaport launches and expands our global SD-WAN coverage with Megaport Virtual Edge (MVE), SD-WAN vendor support is a key requirement and understanding the relevant licensing needs per vendor and per customer use case becomes very important to fully realizing the benefits of MVE, which can include better network performance and security, reduced operating costs, and simplified network management.

Let’s review the licensing approaches of each of Megaport’s partner SD-WAN vendors:

Cisco logo

Cisco SD-WAN

Cisco DNA Software for SD-WAN is composed of Cisco DNA Essentials, DNA Advantage, and DNA Premier all with varying levels of SD-WAN features available.

The only supported Software-Defined Cloud Interconnect (SDCI) license types (a.k.a. Cisco SD-WAN for MVE) are Cisco DNA Advantage and Cisco DNA Premier. These licenses support the Catalyst 8000V image which is needed for MVE.

Existing Cisco customers would utilize their current DNA Advantage or DNA Premier licenses for installation of the Megaport Virtual Edge service.

The terms for DNA Advantage are three, five, or seven years while for DNA Premier it is a three or five year subscription option.

In addition, the bandwidth selection process for the Catalyst 8000V has been simplified where the choices are now simply Tier 2 and Tier 3 bandwidth options.

Tier 2: Up to 1 Gbps (Suitable for Small and Medium MVE instances)

Tier 3: Up to 10 Gbps (Suitable for Large MVE instances)

Understanding the world of Cisco SD-WAN and Routing Software Subscriptions

For reference, the Catalyst 8000V license tiers and bandwidth options are detailed below:

DNA Cat 8K License TierBandwidth
DNA-C8KV-T2-A-SDCIUp to 1 Gbps
DNA-C8KV-T3-A-SDCI> 1 Gbps

As a summary, if you wish to provision Cisco SD-WAN using Megaport, you simply choose the bandwidth needed, the term of the license and what feature set is required between DNA Advantage and Premium.

For further information please refer to:

Fortinet logo

Fortinet Fortigate-VM

The Fortinet approach to FortiGate-VM licensing is simply based on the number of virtual CPU’s configured in the applicable MVE service. The SD-WAN components of FortiGate and FortiOS do not need any additional licensing or bundles (it is still advised to procure the SD-WAN orchestrator license for easy deployment and management of edge devices).

The RAM/memory restriction no longer applies for FortiOS 6.2.2 and later versions, Megaport supports FortiOS 6.4.4, so there are no additional RAM/memory licensing requirements for the MVE service.

As a reminder, the MVE vCPU options are as follows:

Small: Two (2) vCPUs

Medium: Four (4) vCPUs

Large: Eight (8) vCPUs

FortiGate-VM offers a perpetual licensing option (normal series and V-series) as well as an annual subscription option (S-series).

Normal and V-series licenses are perpetual. You’ll need to contract separately for support services.

The annual S-series license contains the Fortinet-VM base package and a FortiCare service bundle with the support service options as follows:

  • Only FortiCare
  • Unified Threat Management (UTM)
  • Enterprise
  • 360 protection

You can read the full details here .

For example, for a small MVE with 2 vCPUs, your options would be FG-VM02, FG-VM02V, or FG-VM02S.

The “V” suffix means no virtual domains (VDOMs) by default and the “S” suffix is a subscription-based license. If a license has no letter at the end, it means it’s a perpetual license.

For the perpetual or “V” license option,you would then choose the applicable additional security features like Intrusion Protection System (IPS), antivirus, sandboxing, and others if required.

Versa Networks logo

Versa Secure SD-WAN

Versa offers licenses based on feature set requirements as well as the bandwidth that the specific device is allowed to consume. Each Versa Operating System (VOS) device that you deploy as a customer-premises equipment (CPE) is associated with a license.

Like all vendors, the feature set on offer depends on the specific solution tier with more features increasing the cost of the license.

The breakdown is as follows, with each tier being cumulative:

  • Pro Net: Basic and advanced routing features which are Layer 2 bridging, carrier-class Layer 3 routing, bridging, Layer 4 security, universal customer-premises equipment (uCPE), and zero-touch provisioning (ZTP)
  • Prime SD-WAN: All Pro Net tier features plus SD-WAN connectivity, application identification (App ID), application policy-based forwarding, and traffic engineering
  • Prime Secure SD-WAN: All Prime SD-WAN tier features plus next-generation firewall (NGFW), which provides Layer 7 security, Secure Socket Layer (SSL) proxy (for captive portal), and application delivery controller (ADC) and traffic load balancer (TLB) (for reverse proxy)
  • Premier Secure SD-WAN: All Prime Secure SD-WAN tier features plus application performance optimization for best application experience
  • Premier Elite SD-WAN: All Premier Secure SD-WAN tier features plus unified threat management (UTM) and transmission control protocol (TCP) optimization.

Bandwidth requirements

In addition to the features needed, each VOS device has a limit on traffic. For SD-WAN deployments, this is measured across the WAN interfaces. The VOS device tracks the 95th percentile for both receive (RX) and transmit (TX) traffic on the WAN interfaces. It then uses the higher of the two values to calculate the amount of bandwidth used by each WAN interface.

VMware logo


VMware’s SD-WAN Edge licensing consists of 4 components, namely:

  • Bandwidth
  • Edge software edition (feature set)
  • Gateway regional geolocation
  • Term.

Each component is summarized below:

ComponentSupported Attributes
Bandwidth10M, 30M, 50M, 100M, 200M, 500M, 1G, 2G, 5G, 10G
EditionsStandard, Enterprise, Premium
RegionNorth America, Europe Middle East and Africa, Latin America, Asia Pacific
Term1 Year, 3 Years, 5 Years

Edge Licensing allows a customer to link a software subscription to a specific Edge device.

Here are the VMware SD-WAN Edition types:

FeatureStandard SubscriptionEnterprise SubscriptionPremium Subscription
VMware SD-WAN Orchestrator
Dynamic Multi-Path Optimization (DMPO)
Number of Edges supportedUnlimitedUnlimitedUnlimited
Maximum number of Data Segments4128128
Maximum number of profiles4UnlimitedUnlimited
Partner Gateway Support
Virtual services orchestration for NGFW deployment on Edges
Cloud Gateway to SaaS and Cloud Security Service (without tunneling)
Cloud Gateway to legacy DCs, IaaS, or Cloud Security Service via tunnels (non-SD-WAN destinations)Add-onAdd-on
Direct Edge to Internet/Cloud Security Service (BGP over IPsec*)
Automated tunnel setup via API to IaaS or third-party Cloud Security ServiceFrom EdgeFrom Edge or Gateway
Hub clustering
Gateways as Cloud VPN Hub
Auto VPN setupHub to SpokeHub to spoke plus dynamic B2BHub to spoke plus dynamic B2B
Customizable business and security policy
Path visibilityLast-mileLast-mile plus site-to-siteLast-mile plus site-to-site
Wired/wireless/LAN/WAN analytics with ENIAdd-onIncludes 1 node, additional nodes available as add-onIncludes 2 node, additional nodes available as add-on

For example, if you are provisioning an MVE to act as a private on-ramp to a Cloud Provider like Azure, AWS, or GCP, then the minimum subscription needed would be Standard. Alternatively, an enterprise-wide design using both Cloud Gateways and MVE may require a mix of Enterprise and Premium licensing to optimize resiliency and traffic shaping policies. If you are provisioning an MVE to act as an IPSEC gateway to a private network via a 1Gb, 10Gb or 100Gb Megaport only then you can also use the Standard subscription.

VMware provides the option for either POC or Production Deployments.

POC Deployments

If a customer wants to runs a Proof of Concept, a POC license is available for this purpose with the following attributes:

RegionNorth America, Europe, Middle East, Africa, Latin America, Asia Pacific
Term5 years

Production Deployments

When an Edge is deployed in a production environment, the license type assigned should align with the software subscription purchased. For example, if the subscription SKU “NB-VC100M-PRE-HO-HG-L34S312P-C” was purchased for use with the Edge being configured, the correct license type attributes as highlighted would be as follows:

Bandwidth: 100M
Edition: Premium
Term: 1 Year
(HO: Hosted Orchestrator)

For more information, visit VMware Docs here.

Aruba logo

Aruba EdgeConnect SD-WAN

Aruba has a simple licensing approach which is valid for EdgeConnect Physical, Virtual, and Cloud based deployments.

Every EdgeConnect SD-WAN License supports all features except for WAN Optimization and is based on bandwidth tiers as detailed below:

  • Unlimited bandwidth
  • 2Gbps (full duplex)
  • 1Gbps (full duplex)
  • 500Mbps (full duplex)
  • 200Mbps (full duplex)
  • 100Mbps (full duplex)
  • 50 Mbps (full duplex)
  • 20 Mbps (full duplex)

All licenses are fully upgradable.

The WAN Boost license is optional (unique per customer) and priced per 100Mbps and is shared across the SDWAN Matrix.

Learn more about creating an MVE integrated with Aruba in the Megaport Docs Portal.


Rarely does a one-size-fits-all approach work for a customer when it comes to deploying an SD-WAN solution. Many have different bandwidth, performance, features, and support requirements driven by various use cases as well as business needs. We hope this primer on the differences in licensing between major SD-WAN vendors will help you better understand the packages you’ll need to select to deploy Megaport Virtual Edge within your SD-WAN solutions and begin optimizing and modernizing your WAN, reducing operating costs, and improving network performance and security.

Related Posts

How Green Is Your Network?

How Green Is Your Network?

As the tech industry goes green, how does your network stack up – and how can you make it greener?

Read More
Cloud-Driven Innovations in Mexico and Latin America

Cloud-Driven Innovations in Mexico and Latin America

With its growing cloud market, Mexico and Latin America are fast becoming one of the international hubs of cloud-driven innovation in IT.

Read More
Megaport Virtual Edge Upgrades Enable Palo Alto Networks Firewalls and More

Megaport Virtual Edge Upgrades Enable Palo Alto Networks Firewalls and More

Megaport’s latest Megaport Virtual Edge (MVE) enhancements mean higher performance, more choice, and additional security partner options for customers.

Read More