: Deploy the VM-Series Firewall
Focus
Focus

Deploy the VM-Series Firewall

Table of Contents
End-of-Life (EoL)

Deploy the VM-Series Firewall

Learn how to deploy the VM-Series firewall on VMware NSX-T.
After completing the configuration on Panorama, perform the following procedure to launch the VM-Series firewall in your NSX-T Data Center.
When deploying the VM-Series firewall on NSX-T in high availability, both firewalls are deployed to the same Device Group and Template Stack.
  1. Log in to NSX-T Manager.
  2. Select
    System
    Service Deployments
    Deployment
    .
  3. Select your service definition from the
    Partner Service
    drop-down.
  4. Click
    Deploy Service
    .
  5. Enter a descriptive
    Service Deployment Name
    for your VM-Series firewall.
  6. Select a tier-0 or tier-1 router under
    Attachment Points
    . NSX-T Manager attaches the VM-Series firewall to the selected router and redirects traffic passing through that router to the VM-Series firewall for inspection. You must select a router with no service insertion attached.
  7. Select a
    Compute Manager
    . The compute manager is the vCenter server managing your datacenter.
  8. Select a
    Cluster
    . You can deploy the VM-Series firewall on any cluster that does not include any Edge Transport Nodes.
  9. Select a
    Datastore
    .
  10. Configure your network settings.
    1. Click
      Edit Details
      in the
      Networks
      column.
    2. Select the
      Primary Interface Network
      .
    3. Enter the
      Primary Interface IP
      .
    4. Enter the
      Primary Gateway Address
      .
    5. Enter the
      Primary Subnet Mask
      .
    6. Click
      Save
      .
  11. NSX-T Manager prepopulates the
    Deployment Specification
    and
    Deployment Template
    based on the Partner Service you selected.
  12. Set the
    Failure Policy
    to Allow or Block. The failure policy defines how NSX-T Manager handles traffic that is directed to the VM-Series firewall if the firewall becomes unavailable.
  13. Select the
    Deployment Mode
    for your VM-Series firewall—Standalone or High Availability. If you have an edge node cluster and select High Availability, NSX-T Manager will deploy an additional VM-Series firewall on the standby edge node in addition to the firewall deployed on the active edge node.
  14. Click
    Save
    to deploy the VM-Series firewall.
  15. Verify that your firewalls connected to Panorama.
    1. Log in to Panorama.
    2. Select
      Panorama
      Managed Devices
      Summary
      .
    3. Confirm that your firewalls are listed under the correct device group and the
      Device State
      shows
      Connected
      .
      The Device Name for the VM-Series firewall is displayed on Panorama as
      PA-VM:<nsx.clusterid>
      for NSX-T (N-S) deployment and as
      PA-VM:<nsx.servicevmid>
      for NSX-T (E-W) deployment.
  16. Set a secure password for the admin account on your VM-Series firewalls.
    Each VM-Series firewall uses a default username and password (admin/admin), which is used for initial login. Upon logging in for the first time, you are prompted to set a new, more secure password. The new password must be a minimum of eight characters and include a minimum of one lowercase and one uppercase character, as well as one number or special character.
    You can update the password on each firewall individually or all at once through Panorama.
    • Panorama
      —on Panorama, you can change the default password for all firewalls in a template or delete the admin user and create a new username and password.
      1. Log in to Panorama
      2. Select
        Device
        Administrators
        and select the
        admin
        user.
      3. Delete
        the user or click the user and enter a new password.
      4. If you changed the password, click
        OK
        .
      5. Select
        Commit
        Push to Devices
        Edit Selections
        Force Template Values
        .
      6. Click
        OK
        .
    • Firewall
      —this procedure must be repeated on each VM-Series firewall.
      1. Log in to the VM-Series firewall using the default username and password.
      2. Follow the prompts to reset the password.

Recommended For You