To manage the VM-Series NSX edition firewalls using Panorama, the firewalls must belong to a device group and a template. Device groups allow you to assemble firewalls that need similar policies and objects as a logical unit; the configuration is defined using the Objects and Policies tabs on Panorama. You use Templates to configure the settings that are required for the VM-Series firewalls to operate on the network; the configuration is defined using the Device and Network tabs on Panorama. At a minimum, you must create a zone within the template so that the NSX Manager can redirect traffic to the VM-Series firewall. You can also use templates to define administrative access to the firewall or to define log settings and server profiles on the managed firewalls.
In each template, you must specify one or more zones of type NSX service profile so that the VM-Series firewalls can receive traffic from the guests in the vSphere environment. Each NSX service profile zone becomes available as a service profile on the Service Composer on the NSX Manager. When you create an NSX service profile zone on Panorama, Panorama pushes the zone as a part of the template configuration to the firewall, and the firewall automatically creates a pair of virtual wire subinterfaces, for example ethernet1/1.3 and ethernet 1/2.3, to isolate traffic for a tenant or sub-tenant. On the firewall, you can then Create Policies to secure traffic that arrives on the virtual wire subinterface pair that maps to the zone.
If you are new to Panorama, refer to the Panorama Administrator’s Guide for instructions on setting up Panorama.
Create a Device Group and a Template on Panorama
Add a device group or a device group hierarchy. Select Panorama > Device Groups, and click Add. You can also create a device group hierarchy. Enter a unique Name and a Description to identify the device group. Click OK. After the firewalls are deployed and provisioned, they will display under Panorama > Managed Devices and will be listed in the device group. Click Commit and select Panorama as the Commit Type to save the changes to the running configuration on Panorama.
Add a template or a template stack. Select Panorama > Templates, and click Add. You can also configure a template stack. Enter a unique Name and a Description to identify the template. Click OK. Click Commit, and select Panorama as the Commit Type to save the changes to the running configuration on Panorama.
Create the NSX service profile zone(s) for each template. For a single-tenant deployment, create one zone. If you have multi-tenant deployment, create a zone for each sub-tenant. You can add up to 32 zones in each template. Select Network > Zones. Select the correct template in the Template drop-down. Select Add and enter a zone Name. Select the Service Profile Zone for NSX check box. This selection automatically sets the interface Type to Virtual Wire.
Click OK. Verify that the zones are attached to the correct template.
Click Commit, and select Panorama as the Commit Type to save the changes to the running configuration on Panorama.

Related Documentation