>
    Strata Copilot
    Create Template Stacks and Device Groups on Panorama
    Focus
    Download PDF
    Focus
    1. Home
    2. VM-Series
    3. VM-Series Firewall on VMware NSX-T
    4. Create Template Stacks and Device Groups on Panorama
    Download PDF
    VM-Series

    Create Template Stacks and Device Groups on Panorama

    Table of Contents

    Create Template Stacks and Device Groups on Panorama

    Create template stacks and device groups to manage the configuration of your VM-Series firewalls on NSX.
    Where Can I Use This?What Do I Need?
    • VMware NSX
    • VM-Series Firewall License (BYOL)
    • Panorama
    • VM-Series plugin
    • Panorama plugin for NSX
    To manage the VM-Series firewalls on NSX-T using Panorama, the firewalls must belong to a device group and a template stack. Device groups allow you to assemble firewalls that need similar policies and objects as a logical unit; the configuration is defined using the Objects and Policies tabs on Panorama. Use template stacks to configure the settings that are required for the VM-Series firewalls to operate on the network; the configuration is defined using the Device and Network tabs on Panorama. Each template stack used in your NSX-T configuration must be associated with a service definition.
    Firewalls deployed in NSX-T have two default zones and two interfaces configured in virtual wire mode. Ethernet1/1 is part of zone south and ethernet1/2 is part of zone north. To push policy rules from Panorama to managed firewalls, you must configure zones and interfaces matching those on the firewall in the corresponding template stack on Panorama.
    1. Add a device group or a device group hierarchy.
      1. Select PanoramaDevice Groups, and click Add. You can also create a device group hierarchy.
      2. Enter a unique Name and a Description to identify the device group.
      3. Click OK.
      4. Click Commit and select Panorama as the Commit Type to save the changes to the running configuration on Panorama.
    2. Add a template.
      1. Select PanoramaTemplates, and click Add.
      2. Enter a unique Name and a Description to identify the template.
      3. Click OK.
      4. Click Commit, and select Panorama as the Commit Type to save the changes to the running configuration on Panorama.
    3. Create a template stack.
      1. Select PanoramaTemplates, and click Add Stack.
      2. Enter a unique Name and a Description to identify the template.
      3. Click Add to add the template you created previously.
      4. Click OK.
      5. Click Commit, and select Commit to Panorama to save the changes to the running configuration on Panorama.
    4. Configure the virtual wire, interfaces, and zones. Ensure that you select the correct template from the drop-down shown below. The objects you create must meet the following criteria:
      If you change the default virtual wire or zone names, the virtual wire and zones on Panorama must match the names used on the firewall.
      • Use ethernet1/1 and ethernet1/2.
      • The virtual wire object named vw1.
      • The first zone named south, type virtual-wire, and contain ethernet1/1.
      • The second zone named north, type virtual-wire, and contain ethernet1/2.
      Repeat this process for each template in your deployment.
    5. Click Commit, and select Panorama as the Commit Type to save the changes to the running configuration on Panorama.
    6. Update the DNS and NTP server information of your template stack. Complete this step if you're using device certificates in your deployment. This is required to ensure the firewalls deployed in your NSX-T environment have the correct DNS information needed to reach the device certificate server.
      1. Verify that you specified the correct template stack from the Template drop-down.
      2. Select DeviceSetupServices and click the Edit icon.
      3. On the Services tab, enter the IP address of the Primary DNS Server and Secondary DNS Server.
      4. On the NTP tab, enter the IP address of the NTP Server.
      5. Click OK.
      6. Commit your changes to Panorama.

    © 2026 Palo Alto Networks, Inc. All rights reserved.