: Launch the VM-Series Firewall on NSX-T (East-West)
Focus
Focus

Launch the VM-Series Firewall on NSX-T (East-West)

Table of Contents

Launch the VM-Series Firewall on NSX-T (East-West)

Learn how to launch the VM-Series firewall on NSX-T using a security-centric deployment.
Complete the following procedure to deploy the VM-Series firewall as a service in your NSX-T environment. The
Deployment Specification
and
Deployment Template
fields are automatically populated with information pushed from Panorama as part of the service definition.
Do not edit any settings under Deployment Attributes. These values are imported from Panorama and changing them causes the deployment to fail.
  1. Log in to the NSX-T Manager.
  2. Select
    System
    Service Deployments
    Deployment
    .
  3. Select your service definition from the
    Partner Service
    drop-down.
  4. Click
    Deploy Service
    .
  5. Enter a descriptive
    Name
    for your service deployment.
  6. Select the
    Compute Manager
    (vCenter).
  7. Select a
    Deployment Type
    Clustered
    or
    Host Based
    .
  8. If you selected
    Clustered
    as the
    Deployment Type
    , enter the
    Clustered Deployment Count
    to specify the number of VM-Series firewall instances to deploy on the cluster.
  9. Select a
    Host
    if you are launching the VM-Series in a clustered deployment. Select a particular host from the
    Host
    drop-down or
    Any
    to allow NSX-T Manager to choose the host. This option is grayed out in
    Host Based
    deployments.
  10. Select a
    Data Store
    as the repository for the VM-Series firewall. In a clustered deployment, select a shared data store if you choose
    Any
    for the host or select a local data store if you specified a particular host.
  11. Configure the
    Networks
    settings.
    1. In the Networks column, click
      Set
      .
    2. Select the
      Network
      for
      eth0 - Management Nic
      .
    3. Select the
      Network Type
      —DHCP or Static IP Pool. If you choose Static IP Pool, select an
      IP Pool
      .
    4. Check
      eth1 - Data-1 Nic
      .
    5. Verify that both interfaces are checked.
    6. Click
      Save
      .
  12. Select or configure a
    Service Segment
    . To configure a service segment, complete the following procedure.
    1. Click
      Action
      in the
      Service Segments
      column.
    2. Click
      Add Service Segment
      .
    3. Enter a descriptive
      Name
      .
    4. Select a
      Transport Zone (Overlay)
      .
      The VM-Series firewall must be attached to an Overlay transport zone. Guest VMs can be attached to a VLAN or Overlay transport zone. The transport node hosting the guest VMs and the VM-Series must be configured with an Overlay transport zone.
    5. Click
      Save
      and
      Close
      .
  13. Select the
    Cluster
    where the service will be deployed. You must select a cluster with
    NSX Configuration
    .
  14. Click
    Save
    .
  15. Verify that your firewalls deployed successfully.
    1. Select
      System
      Service Deployments
      Service Instances
      .
    2. Confirm that your firewalls are listed and the
      Deployment Status
      shows
      Up
      .
  16. Verify that your firewalls connected to Panorama.
    1. Log in to Panorama.
    2. Select
      Panorama
      Managed Devices
      Summary
      .
    3. Confirm that your firewalls are listed under the correct device group and the
      Device State
      shows
      Connected
      .
      The Device Name for the VM-Series firewall is displayed on Panorama as
      PA-VM:<nsx.clusterid>
      for NSX-T (N-S) deployment and as
      PA-VM:<nsx.servicevmid>
      for NSX-T (E-W) deployment.
  17. Set a secure password for the admin account on your VM-Series firewalls.
    Each VM-Series firewall uses a default username and password (admin/admin), which is used for initial login. Upon logging in for the first time, you are prompted to set a new, more secure password. The new password must be a minimum of eight characters and include a minimum of one lowercase and one uppercase character, as well as one number or special character.
    You can update the password on each firewall individually or all at once through Panorama.
    • Panorama
      —on Panorama, you can change the default password for all firewalls in a template or delete the admin user and create a new username and password.
      1. Log in to Panorama
      2. Select
        Device
        Administrators
        and select the
        admin
        user.
      3. Delete
        the user or click the user and enter a new password.
      4. If you changed the password, click
        OK
        .
      5. Select
        Commit
        Push to Devices
        Edit Selections
        Force Template Values
        .
      6. Click
        OK
        .
    • Firewall
      —this procedure must be repeated on each VM-Series firewall.
      1. Log in to the VM-Series firewall using the default username and password.
      2. Follow the prompts to reset the password.

Recommended For You