Use the Post Rulebase to Define NSX-T Steering Rules

  1. Create security rules.
    1. In Panorama, select
      Policies
      Security
      Post Rules
      .
    2. Verify that you are configuring the security rules in a device group associated with an NSX-T service definition.
    3. Click on the name of a security rule to edit.
    4. Set the Rule Type to
      intrazone (Devices with PAN-OS 6.1 or later)
      .
    5. In the Source tab, set the source zone to the zone from the template stack associated with the service definition. Then select a dynamic address group you created previously as the Source Address. Do not add any static address groups, IP ranges, or netmasks as a Source Address.
    6. In the Destination tab, Panorama does not allow you to set a destination zone because you set the rule type to intrazone. Then select a dynamic address group you created previously as the Destination Address. Do not add any static address groups, IP ranges, or netmasks as a Destination Address.
    7. Click
      OK
      .
    8. Repeat steps 1 through 7 for each steering rule you require.
  2. Commit
    your changes to Panorama.

Recommended For You