Skip to main content



Cisco Defense Orchestrator

About Virtual Routing and Forwarding

About VRF

Virtual routing and forwarding (VRF) allows multiple instances of a routing table to exist in a router. Firepower Version 6.6 introduces the ability to have a default VRF table, and user-created VRF tables. A single VRF table can handle multiple types of varying routing protocols, such as EX, OSPF, BGP, IGRP, etc. Each routing protocol within a VRF table is listed as an entry. In addition to handling multiple types of common routing protocols, you can configure a routing protocol to reference an interface from another VRF. This allows you to segment network paths without using multiple devices.

At this time, CDO currently supports read-only functionality for VRF static routes. You must create and manage VRF tables through FDM. See About Virtual Routers and Virtual Routing and Forwarding (VRF) for more information. 


This feature is new to Firepower Version 6.6. You must either onboard a device running Version 6.6., or update a device to Version 6.6. and then configure the VRF static route, then deploy changes and synchronize to CDO.

CDO only reads and supports the default VRF table. This includes any static route entries the table may have, although the Routing page in CDO does not display any of the entries. The global VRF is shown as a single static route entry.

To view the global VRF in CDO, select the device from the Devices & Service page and select Routing from the Management pane located to the right of the window. From here, you can view and delete the global VRF; note that CDO retains the name of the VRF when reading the configuration from FDM. Any other configuration changes must be made through FDM.

  • Was this article helpful?