Platform and Interface Enhancements for Threat Defense Virtual

Dynamic Disk Expansion Support for Threat Defense Virtual

Starting with Release 10.0.0, Threat Defense Virtual supports dynamic disk expansion across all virtual platforms. This feature helps optimize disk utilization on high-end systems (for example, systems with 64 CPU / 128 GB RAM) where large core dump files, approximately 16 GB in size, previously caused disk space alerts.


Note

Before resizing the disk on Threat Defense Virtual, you must first increase the disk size from the cloud console.

  • Default Disk Size: New Threat Defense Virtual deployments use a 100 GB virtual disk, increased from the previous 48.5 GB size.

  • Expansion Range: Disk size can be expanded up to 500 GB as per requirement.

  • Supported Scenarios: Disk expansion is supported on both new and upgraded Threat Defense Virtual instances.

  • After the first boot, users can re-size the disk using the CLI command:

    resize_disk -s <total_size>

    Example: resize_disk -s 500


    Note

    • Disk resizing is not supported during the first boot.

    • If downgraded after resizing, the disk size remains expanded (does not revert to 48.5 GB).
Table 1. Threat Defense Virtual Disk and Partition Sizes for New Deployments

Partition

Description

7.7 and below

10.0.0 onwards

Change

Total Disk Size

48.5 GB

100 GB

+51.5 GB

sda1

Boot partition

500 MB

2 GB

+1.5 GB

sda2

Disk0

8 GB

12 GB

+4 GB

sda3

Extended partition

sda5

Swap

4 GB

8 GB

+4 GB

sda6

rootfs A

4 GB

8 GB

+4 GB

sda7

rootfs B

4 GB

8 GB

+4 GB

sda8

/ngfw/Volume (logs, core files, and so on.)

28 GB

62 GB

+34 GB

Note

Disk expansion up to 500 GB is supported from version 10.0.0 onwards.

Note

Threat Defense Virtual does not support additional virtual hard disks. Attaching extra disks may result in slow boot performance.

Interface Name Change

Starting with Release 10.0.0, Threat Defense Virtual uses a standardized interface naming convention across all virtual platforms.

Previous naming convention: GigabitEthernet0/x or TenGigabitEthernet0/x

New naming convention: Ethernet0/x

  • Configuration Option:

    To revert to the previous naming format, use the following parameter in the Day 0 configuration:

    "IfNamingConvention": "Old"   // for legacy naming
"IfNamingConvention": "New"   // for standardized naming

  • Scope: This change applies to new deployments only.

  • Interface names displayed in the management console, CLI, and Management Center UI follow the new naming format.

    Devices that are upgraded to Release 10.0.0 retain their original interface names to ensure configuration consistency.

Adding nodes to clusters and high availability after upgrading to 10.0

If you want to add a new node to a cluster or form a high availability pair after upgrading from version 7.7.0 or earlier to 10.0, ensure that you include the "IfNamingConvention": "Old" key-value pair in the Day 0 configuration file of the new node. This is necessary because upgraded devices retain legacy interface naming conventions (such as GigabitEthernet or TenGigabitEthernet), and without this key-value pair, interface naming mismatches will prevent new nodes from joining the upgraded cluster or forming an HA pair with an upgraded node.

Diagnostic Interface Removal

Starting with version 10.0.0, Threat Defense Virtual supports deployment with three interfaces (3NIC) across all virtual platforms. Day 0 configuration should include the key-value pair Diagnostic: OFF.

  • You can control the inclusion of the diagnostic interface during deployment using the following Day 0 configuration parameter:

    "Diagnostic": "ON"   // Adds the diagnostic interface  
"Diagnostic": "OFF"  // Removes the diagnostic interface

    Note
    This is applicable to new deployments only.

  • Existing deployments that are upgraded to Release 10.0.0 retain their current diagnostic interface configuration.

Day0 configuration for Threat Defense Virtual with three NICs

Threat Defense Virtual Day0 start-up script example:
{
	"AdminPassword": "E28@2OiUrhx!",
	"Hostname": "ciscoftdv",
	"FirewallMode": "routed",
	"ManageLocally": "No",
	"Diagnostic": "OFF"
}