Skip to main content



Cisco Defense Orchestrator

About Virtual Routing and Forwarding

About VRF

Virtual routing and forwarding (VRF) allow multiple instances of a routing table to exist in a router. Firepower Version 6.6 introduces the ability to have a default VRF table and user-created VRF tables. A single VRF table can handle multiple types of varying routing protocols, such as EX, OSPF, BGP, IGRP, etc. Each routing protocol within a VRF table is listed as an entry. In addition to handling multiple types of common routing protocols, you can configure a routing protocol to reference an interface from another VRF. This allows you to segment network paths without using multiple devices.

See About Virtual Routers and Virtual Routing and Forwarding (VRF) for more information. 


This feature is new to Firepower Version 6.6. When the FTD is onboarded to CDO, the device routing page reads and supports only the VRFs defined on the global router of the FTD device. To view the global VRF in CDO, select the device from the Devices & Service page and select Routing from the Management pane located to the right of the window. From here, you can view, modify, and delete the global VRF; note that CDO retains the name of the VRF when reading the configuration from FDM.

CDO doesn't read VRFs configured in the user-defined virtual routers. You must create and manage VRF tables through FDM. 

For information on global and user-defined routes, see the "Managing Virtual Routers" section in the "Virtual Routers" chapter of "Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager, Version 7.0 or later".

  • Was this article helpful?