End-of-Life (EoL)

Create and Deploy a Service Graph Template

After creating Panorama and your firewall, you must create a service graph template. A service graph defines the service that the L4-L7 device (the firewall) provides. Complete the following procedure to create and apply a service graph.
  1. Create a Service Graph Template.
    1. Select
      Tenants
      <your-tenant>
      L4-L7 Services
      and right click on
      L4-L7 Service Graph Templates
      .
    2. Click
      Create L4-L7 Service Graph Template
      .
    3. Enter a
      Graph Name
      .
    4. Click and drag a device cluster from Device Cluster table and place it between the two EPGs to create a service node.
    5. Set the firewall function to Routed (L3/GoTo) or Transparent (L2/GoThrough) depending on how you configured your device.
    6. Select the profile that matches the device package and function you configured previously.
    7. Click
      Submit
      .
  2. Apply the Service Graph Template.
    Parameters indicated with red box are required.
    1. Select
      Tenants
      <your-tenant>
      L4-L7 Services
      and right click on the service graph template you created above.
    2. Click
      Apply L4-L7 Service Graph Template
      .
    3. Select a consumer EPG from the Consumer EPG/External Network drop-down.
    4. Select a provider EPG from the Provider EPG/Internal Network drop-down.
    5. Enter a
      Contract Name
      .
    6. Click
      Next
      .
    7. Click
      Next
      again on Step 2 of the wizard.
    8. Click on
      All Parameters
      . This displays all the parameters that APIC will send to the firewall.
    9. Create two zones.
      1. Click the plus (+) icon next to Interface Security Zone.
      2. Enter a
        Name
        for the zone.
      3. Set the
        Mode
        to Layer 2 or Layer 3
      4. Repeat these steps for the second zone.
    10. Configure two data interfaces for the firewall.
      1. Expand
        Interface Configuration
        .
      2. Select and expand
        Layer 2 Interface
        or
        Layer 3 Interface
        based on your deployment.
      3. Enter the interface’s IP address with subnet mask.
      4. Click
        Security Zone
        and specify one the security zones you created previously.
      5. Repeat these steps for the second interface.
    11. Create a Panorama device.
      1. Expand
        Security Configuration
        .
      2. Enter a
        Name
        for the device group.
      3. Select
        Function Config
        Security Configuration
        .
      4. In Security Configuration Binding, set the
        SecurityConfigRel
        value to
        SecurityConfig
        .
    12. Click Finish. The APIC is now deploying the configuration to the firewall and Panorama. Use Panorama or the firewall web UI to verify the deployment of the network interface configuration and device group configuration.
      The device is now inserted in the network, configured, and ready to pass traffic.
    all_parameters_service_graph_template.png

Recommended For You