Comparing the SD-WAN Licensing Needs of Major Vendors

Comparing the SD-WAN Licensing Needs of Major Vendors_Megaport Blog Graphic

With more enterprises adopting SD-WAN technology, SD-WAN vendor support can be a key to success. We break down the licensing of three major SD-WAN vendors.

As Megaport launches and expands our global SD-WAN coverage with Megaport Virtual Edge (MVE), SD-WAN vendor support is a key requirement and understanding the relevant licensing needs per vendor and per customer use case becomes very important to fully realizing the benefits of MVE, which can include better network performance and security, reduced operating costs, and simplified network management.

Let’s review the licensing approaches of each of Megaport’s partner SD-WAN vendors:

Cisco SD-WAN

Cisco DNA Software for SD-WAN is composed of Cisco DNA Essentials, DNA Advantage, and DNA Premier all with varying levels of SD-WAN features available.

The only supported Software-​Defined Cloud Interconnect (SDCI) license types (a.k.a. Cisco SD-WAN for MVE are Cisco DNA Advantage and Cisco DNA Premier. These licenses support the Catalyst 8000V image which is needed for MVE.

Existing Cisco customers would utilize their current DNA Advantage or DNA Premier licenses for installation of the Megaport Virtual Edge service.

The terms for DNA Advantage are three, five, or seven years while for DNA Premier it is a three or five year subscription option.

In addition, the bandwidth selection process for the Catalyst 8000V has been simplified where the choices are now simply Tier 2 and Tier 3 bandwidth options.

Tier 2: Up to 1 Gbps (Suitable for Small and Medium MVE instances)

Tier 3: Up to 10 Gbps (Suitable for Large MVE instances)

Understanding the world of Cisco SD-WAN and Routing Software Subscriptions

For reference, the Catalyst 8000V license tiers and bandwidth options are detailed below:

DNA Cat 8K License TierBandwidth
DNA-C8KV-T2-A-SDCIUp to 1 Gbps
DNA-C8KV-T3-A-SDCI> 1 Gbps

As a summary, if you wish to provision Cisco SD-WAN using Megaport, you simply choose the bandwidth needed, the term of the license and what feature set is required between DNA Advantage and Premium.

For further information please refer to:

Cisco DNA Software SD-WAN and Routing Matrices

Cisco Catalyst 8000V Edge Software Ordering Guide

Fortinet Fortigate-VM

The Fortinet approach to FortiGate-VM licensing is simply based on the number of virtual CPU’s configured in the applicable MVE service. The SD-WAN components of FortiGate and FortiOS do not need any additional licensing or bundles (it is still advised to procure the SD-WAN orchestrator license for easy deployment and management of edge devices).

The RAM/memory restriction no longer applies for FortiOS 6.2.2 and later versions, Megaport supports FortiOS 6.4.4, so there are no additional RAM/memory licensing requirements for the MVE service.

As a reminder, the MVE vCPU options are as follows:

Small: Two (2) vCPUs

Medium: Four (4)  vCPUs

Large: Eight (8)  vCPUs

FortiGate-VM offers a perpetual licensing option (normal series and V-series) as well as an annual subscription option (S-series).

Normal and V-series licenses are perpetual. You’ll need to contract separately for support services.

The annual S-series license contains the Fortinet-VM base package and a FortiCare service bundle with the support service options as follows:

  • Only FortiCare
  • Unified Threat Management (UTM)
  • Enterprise
  • 360 protection

You can read the full details here.

For example, for a small MVE with 2 vCPUs, your options would be FG-VM02, FG-VM02V, or FG-VM02S.

The “V” suffix means no virtual domains (VDOMs) by default and the “S” suffix is a subscription-based license. If a license has no letter at the end, it means it’s a perpetual license.

For the perpetual or “V” license option,you would then choose the applicable additional security features like Intrusion Protection System (IPS), antivirus, sandboxing, and others if required.

Versa Networks

Versa offers licenses based on feature set requirements as well as the bandwidth that the specific device is allowed to consume. Each Versa Operating System (VOS) device that you deploy as a customer-premises equipment (CPE) is associated with a license.

Like all vendors the feature set on offer depends on the specific solution tier with more features increasing the cost of the license.

The breakdown is as follows, with each tier being cumulative:

  • Pro Net: Basic and advanced routing features which are Layer 2 bridging, carrier-class Layer 3 routing, bridging, Layer 4 security, universal customer-premises equipment (uCPE), and zero-touch provisioning (ZTP)
  • Prime SD-WAN: All Pro Net tier features plus SD-WAN connectivity, application identification (App ID), application policy-based forwarding, and traffic engineering
  • Prime Secure SD-WAN: All Prime SD-WAN tier features plus next-generation firewall (NGFW), which provides Layer 7 security, Secure Socket Layer (SSL) proxy (for captive portal), and application delivery controller (ADC) and traffic load balancer (TLB) (for reverse proxy)
  • Premier Secure SD-WAN: All Prime Secure SD-WAN tier features plus application performance optimization for best application experience
  • Premier Elite SD-WAN: All Premier Secure SD-WAN tier features plus unified threat management (UTM) and transmission control protocol (TCP) optimization.

Bandwidth requirements

In addition to the features needed, each VOS device has a limit on traffic. For SD-WAN deployments, this is measured across the WAN interfaces. The VOS device tracks the 95th percentile for both receive (RX) and transmit (TX) traffic on the WAN interfaces. It then uses the higher of the two values to calculate the amount of bandwidth used by each WAN interface.


Rarely does a one-size-fits-all approach work for a customer when it comes to deploying an SD-WAN solution. Many have different bandwidth, performance, features, and support requirements driven by various use cases as well as business needs. We hope this primer on the differences in licensing between major SD-WAN vendors will help you better understand the packages you’ll need to select to deploy Megaport Virtual Edge within your SD-WAN solutions and begin optimizing and modernizing your WAN, reducing operating costs, and improving network performance and security.

Gary Taylor
Solutions Architect

Filed under: Blog Partners

Get the latest cloud insights delivered.