When deploying the VM-Series NSX edition firewall, you can now use a template stack and a device group hierarchy in the VMware Service Manager configuration on Panorama. Both template stacks and device group hierarchy (introduced in PAN-OS 7.0) allow you to organize devices based on some common criteria in order to minimize redundant configuration.
To create context awareness between the virtual and security environments for Dynamic Address Groups referenced in policy, you can also select one or more device groups in a hierarchy for notification when virtual machines are provisioned or removed from the network. The firewalls use this update to determine the most current list of members that constitute Dynamic Address Groups referenced in policy.
For configuration details, see
Create Template(s) and Device Group(s) on Panorama . For additional new features on the VM-Series NSX edition firewall, see
Support for Multi-Tenancy and Multiple Sets of Policy Rules on the VM-Series NSX Edition Firewall .
