After creating Panorama and your firewall,
you must create a service graph template. A service graph defines
the service that the L4-L7 device (the firewall) provides. Complete
the following procedure to create and apply a service graph.
Create a Service Graph Template.
right click on
L4-L7 Service Graph Templates
Create L4-L7 Service Graph Template
Click and drag a device cluster from Device Cluster
table and place it between the two EPGs to create a service node.
Set the firewall function to Routed (L3/GoTo) or Transparent (L2/GoThrough)
depending on how you configured your device.
Select the profile that matches the device package
and function you configured previously.
Apply the Service Graph Template.
Parameters indicated with red box are required.
right click on the service graph template you created above.
Apply L4-L7 Service Graph Template
Select a consumer EPG from the Consumer EPG/External
Select a provider EPG from the Provider EPG/Internal
again on Step 2
of the wizard.
displays all the parameters that APIC will send to the firewall.
Create two zones.
Click the plus (+) icon next to Interface Security
for the zone.
to Layer 2 or Layer 3
Repeat these steps for the second zone.
Configure two data interfaces for the firewall.
Select and expand
Layer 2 Interface
based on your deployment.
Enter the interface’s IP address with subnet mask.
and specify one
the security zones you created previously.
Repeat these steps for the second interface.
Create a Panorama device.
for the device group.
In Security Configuration Binding, set the
Click Finish. The APIC is now deploying the configuration
to the firewall and Panorama. Use Panorama or the firewall web UI
to verify the deployment of the network interface configuration
and device group configuration.
The device is now inserted in the network, configured,
and ready to pass traffic.