: Deploy the VM-Series Firewall
Focus
Focus

Deploy the VM-Series Firewall

Table of Contents
End-of-Life (EoL)

Deploy the VM-Series Firewall

After registering the VM-Series firewall as a service (Palo Alto Networks NGFW) on the NSX-V Manager and creating security groups and steering rules, complete the following tasks on the NSX-V Manager.
Support for vMotion of guest virtual machines in the vSphere/NSX-V Environment
When a guest VM is vMotioned from one host to another within a cluster, the target host NSX-V distributed firewall will steer all new sessions to the VM-Series firewall on the destination host. To ensure that all active (existing sessions) remain uninterrupted during and after the guest vMotion, the NSX-V Manager polls the VM-Series firewall for existing allowed sessions and then shares these sessions with the NSX-V distributed firewall on the destination host. All existing sessions that were allowed by the original VM-Series will be allowed  by the NSX-V distributed firewall (filtering module) on the destination host without steering to the target host VM-Series firewall to prevent session loss.
The VM-Series firewall runs as a service on each host of the cluster and therefore is never vMotioned.

Recommended For You