Create a Tenant and Application Profile
You must create a tenant to contain the application and firewall service. The tenant contains the virtual routing and forwarding (VRF) object, endpoint groups, and application profile.
- Create a tenant, VRF, and two bridge domains.
  - Log in to the APIC UI.
  - Select Tenant > Add Tenant.
  - Enter a Name for your tenant.
  - Enter a VRF Name for your VRF.
  - Verify that Take me to this tenant when I click finish is checked.
  - Click Submit. You will be redirected to Tenant > <your-tenant> > Networking, where you will add bridge domains.
  - Click and drag the bridge domain (BD) icon next to the icon of the VRF you named previously. This action opens the Create Bridge Domain window.
  - Enter a Name for your bridge domain.
  - Repeat steps g, h, and i for your second bridge domain.
- Create an Application Profile with two endpoint groups (EPGs). Each EPG must correspond to one of the bridge domains you created previously.
  - In the APIC UI, select Tenants and double-click the tenant you created previously.
  - Right-click Application Profiles and select Create Application Profile.
  - Enter a Name for your Application Profile.
  - Click the plus (+) icon under EPGs to add an EPG.
  - Enter a Name for your EPG.
  - Select a bridge domain.
  - Select a domain for the EPG. If you choose a virtual domain (VMM), you do not need to provide any further information for the EPG. However, if you choose a physical domain, you need to specify a static path. The static path is the physical port on a leaf switch that the firewall is connected to. This mapping was determined when you created your ACI Fabric and deployed the firewall.
- Create a Device Manager. The device manager is your Panorama.
  - Select L4-L7 Services.
  - Right-click Device Managers and select Create Device Manager.
  - Enter a Name for the device manager.
  - From the Device Manager Type drop-down, select the option that corresponds with the Palo Alto Networks device package you installed.
  - Click the plus (+) icon under Management and enter the management IP address of Panorama and port 443, because HTTPS is used to connect to Panorama.
  - Enter the username and password for Panorama.
- (Optional) Create a Chassis. A chassis is required to deploy multi-context firewalls (vsys). Without a chassis, the APIC always configures the default vsys (vsys1).
  - Select L4-L7 Services.
  - Right-click Chassis and select Create Chassis.
  - Enter a Name for the chassis.
  - Enter a username and password and confirm the password.
  - Enter the chassis host IP address and port. APIC never uses the username and password entered for the chassis, so the values entered are irrelevant but requested by the APIC. The chassis must exist and is set as the chassis for the firewall device. This instructs APIC to use a vsys other than the default vsys (vsys1).
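
The tenant, VRF, bridge domain, and application profile steps above can also be expressed as a single object tree and checked before anything is pushed to the fabric. The following is an added example, not part of the original procedure or of any Palo Alto Networks or Cisco tooling: it builds the tree with the APIC object-model classes (fvTenant, fvCtx, fvBD, fvAp, fvAEPg) and rejects input that breaks the two rules stated above, one EPG per bridge domain and a static path for any physical domain. All names, domain DNs, the leaf port, and the VLAN encapsulation are constructed sample values, and posting the result to `/api/mo/uni.json` is an assumption about how you would apply it.

```python
import json

def build_tenant(tenant, vrf, app_profile, epgs):
    """Build an APIC JSON body for the tenant described in the steps above.

    epgs: list of {"name", "bd", "domain_dn", optional "static_path"}.
    """
    bds = [e["bd"] for e in epgs]
    # The procedure calls for two bridge domains and one EPG per bridge domain.
    if len(epgs) != 2 or len(set(bds)) != 2:
        raise ValueError("expected two EPGs, each on its own bridge domain")
    epg_objs = []
    for e in epgs:
        children = [
            {"fvRsBd": {"attributes": {"tnFvBDName": e["bd"]}}},
            {"fvRsDomAtt": {"attributes": {"tDn": e["domain_dn"]}}},
        ]
        # A physical domain needs a static path (the leaf port facing the
        # firewall); a VMM domain needs nothing further.
        if e["domain_dn"].startswith("uni/phys-"):
            if not e.get("static_path"):
                raise ValueError(f"EPG {e['name']}: physical domain requires a static path")
            children.append({"fvRsPathAtt": {"attributes": e["static_path"]}})
        epg_objs.append({"fvAEPg": {"attributes": {"name": e["name"]}, "children": children}})
    children = [{"fvCtx": {"attributes": {"name": vrf}}}]
    for bd in bds:
        # Each bridge domain is bound to the tenant's VRF.
        children.append({"fvBD": {"attributes": {"name": bd}, "children": [
            {"fvRsCtx": {"attributes": {"tnFvCtxName": vrf}}}]}})
    children.append({"fvAp": {"attributes": {"name": app_profile}, "children": epg_objs}})
    return {"fvTenant": {"attributes": {"name": tenant}, "children": children}}

# Constructed sample values; none of these names come from the procedure.
SAMPLE_EPGS = [
    {"name": "epg-a", "bd": "bd-a", "domain_dn": "uni/vmmp-VMware/dom-example-vmm"},
    {"name": "epg-b", "bd": "bd-b", "domain_dn": "uni/phys-example-phys",
     "static_path": {"tDn": "topology/pod-1/paths-101/pathep-[eth1/10]",
                     "encap": "vlan-100"}},
]

if __name__ == "__main__":
    body = build_tenant("example-tenant", "example-vrf", "example-ap", SAMPLE_EPGS)
    print(json.dumps(body, indent=2))
```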