Versa FlexVNF

Versa FlexVNF

The Versa Networks VNF solution – Versa FlexVNF – allows service providers and large enterprises to transform the WAN and branch network to achieve unprecedented business advantages. Versa’s software-based approach provides unmatched agility, cost savings and flexibility vs. traditional network hardware. For service providers, Versa FlexVNF enables next-generation managed services for virtual customer premises equipment (vCPE), managed software-defined WAN (SD-WAN) and managed security. For enterprises, it provides carrier-grade solutions for SD-WAN and branch security projects.



  • IPv4 and IPv6 Address Management (IPAM): DHCP- Client, Relay and Server
  • IPv4 and IPv6 Routing: Static routing, Bidirectional Forwarding Detection (BFD), VRRP, Routing Instances (VRF/Multi-VRF), OSPF, BGP, MP-BGP, ECMP, PolicyBased Forwarding
  • QoS/HQoS: Classification, Marking, Rate-Limiting, Scheduling, Queuing, Shaping
  • CG-NAT: Static NAT, Dynamic NAT, NAPT, Destination NAT, Static NAT with Port Translation, Inter-Tenant NAT, ALG support: FTP, TFTP, PPTP, SIP, ICMP, IKE
  • Stateful Firewall: Zone-based, Address Objects, Address groups, Rules, Policies, DDoS (TCP/UDP/ICMP Flood), Syn-cookies, Portscans, ALG support: SIP, FTP, PPTP, TFTP, ICMP
  • Application Visibility: Identify more than 2000+ applications and protocols, Application group support, Application filter support. Application visibility and log support
  • Next-generation Firewall(NGFW): Application Identity (AppID) based policy rules, IP Blacklisting, Whitelisting, Geo-IP, Customer App-ID signatures, SSL certificate-based protection, Expired certificates, untrusted CAs, Unsupported cyphers and key lengths
  • Anti-Virus- Network/Flow based protection with auto signature updates. HTTP, FTP, SMTP, POP3, IMAP, MAPI support
  • URL Filtering: URL categories & reputation, including customer-defined, Cloud-based lookups, Policy trigger based on URL category, URL profile (blacklist, whitelist, category, reputation), Captive portal response including customer defined. Actions include block, inform, ask, justify, and override
  • IDS/IPS: Default & customer defined signatures & profiles. Versa & Snort rule formats, L7 DDoS. Security package with incremental updates. Full, incremental (daily) & real-time threat (every hour)
  • Software-Defined WAN: Secure, zero touch branch provisioning, Template-based policies with parameterization, Centralized route, policy enforcement, L7 Application SLA enforcement over network link SLAs with QoS, Intelligent path selection – default and user-defined, load balance across WAN links, various overlays including MPLS over VXLAN, IPsec over VXLAN, redundant SD-WAN controller, seamless integration with existing WAN optimization devices and branch routers
  • VPN- Site-to-Site, Route/Policy based VPN, IKEv2, IKEv1, DPD, PFS Confidentiality algorithms: Tunnel mode ESP with AES-128, AES-256 Modes: CBC, XCBC, GCM Authentication & Integrity: Pre-shared and PKI Authentication with RSA certificates, hashing, Diffie Hellman key exchange
  • Load Balancing: Layer 4 load balancing, monitoring, persistence, Deployment modes: Transparent, Routed and Direct Server Return


CPE Deep Packet Inspection (DPI) / Traffic Shaping / Policy Enforcement Firewall (FW) Router Security Appliances / Security Software / Intrusion Prevention System (IPS) / Intrusion Detection System (IDS) Wide Area Network (WAN) Optimization DPDK Intel QuickAssist Technology Open Daylight