Prepare Your ACI Environment for Integration

1. Deploy Panorama.
2. Deploy the firewall:

   • Physical firewall—Connect the firewall’s out-of-band management port to one leaf switch port and connect at least one firewall data interface to the switch. Firewall interfaces on a physical firewall are configured with VLANs to ensure connectivity to the correct networks. Deploy the firewall according to the platform-specific installation guide.
   • VM-Series firewall—When configuring the virtual hardware for the VM-Series firewall, set the port-group for the management interface. Each VM-Series firewall connected to the network requires its own virtual NIC. Deploy the VM-Series firewall based on your hypervisor.
3. Configure the management IP address on each firewall and Panorama:

   Perform initial configuration on:

   • Hardware-based firewall
   • VM-Series firewall
   • Panorama
4. Add your firewall(s) to Panorama as a managed device.
5. Install feature licenses on your firewalls:

   • Register and activate licenses on your physical firewall.
   • Register and activate licenses on your VM-Series firewall.
   • Manage firewall licenses using Panorama.
6. Establish Cisco ACI fabric and management connectivity:

   As part of this configuration, create a physical domain and VLAN namespace. Ensure that the data interfaces of any physical firewalls are part of the physical domain.
7. Create a Cisco ACI VMM domain profile.

   If you are using virtual machines or the VM-Series firewall, create a virtual machine monitor (VMM) domain profile for the VMware vSphere environment. The VMM domain specifies the connectivity policy between the vSphere and the ACI fabric.