End-of-Life (EoL)

Create a Tenant and Application Profile

You must create a tenant to contain the application and firewall service. The tenant contains the virtual routing and forwarding (VRF) object, endpoint groups, and application profile.
  1. Create a tenant, VRF, and two bridge domains.
    1. Log in to the APIC UI.
    2. Select Tenant > Add Tenant.
    3. Enter a Name for your tenant.
    4. Enter a VRF Name for your VRF.
    5. Verify that Take me to this tenant when I click finish is checked.
    6. Click Submit. You will be redirected to Tenant > <your-tenant> > Networking, where you will add bridge domains.
    7. Click and drag the bridge domain (BD) icon next to the icon of the VRF you named previously. This action opens the Create Bridge Domain window.
    8. Enter a Name for your bridge domain.
    9. Click Submit.
    10. Repeat steps 7, 8, and 9 for your second bridge domain.
  2. Create an Application Profile with two endpoint groups (EPGs). Each EPG must correspond to one of the bridge domains you created previously.
    1. In the APIC UI, select Tenants and double-click the tenant you created previously.
    2. Right-click Application Profiles and select Create Application Profile.
    3. Enter a Name for your Application Profile.
    4. Click the plus (+) icon under EPGs to add an EPG.
    5. Enter a Name for your EPG.
    6. Select a bridge domain.
    7. Select a domain for the EPG.
      If you choose a virtual domain (VMM), you do not need to provide any further information for the EPG. However, if you choose a physical domain, you need to specify a static path.
      The static path is the physical port on a leaf switch that the firewall is connected to. This mapping was determined when you created your ACI fabric and deployed the firewall.
  3. Create a Device Manager. The device manager is your Panorama.
    1. Select L4-L7 Services.
    2. Right-click Device Managers and select Create Device Manager.
    3. Enter a Name for the device manager.
    4. From the Device Manager Type drop-down, select the option that corresponds with the Palo Alto Networks device package you installed.
    5. Click the plus (+) icon under Management and enter the management IP address of Panorama and port 443, because HTTPS is used to connect to Panorama.
    6. Click Update.
    7. Enter the username and password for Panorama.
    8. Click Submit.
  4. (Optional) Create a Chassis. A chassis is required to deploy multi-context firewalls (vsys). Without a chassis, the APIC always configures the default vsys (vsys1).
    1. Select L4-L7 Services.
    2. Right-click Chassis and select Create Chassis.
    3. Enter a Name for the chassis.
    4. Enter a username and password and confirm the password.
    5. Enter the chassis host IP address and port.
      APIC never uses the username and password entered for the chassis, so the values entered are irrelevant, but the APIC requests them. The chassis must exist and be set as the chassis for the firewall device. This instructs APIC to use a vsys other than the default vsys (vsys1).
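
A check for the layout that steps 1 and 2 produce, added here as an example (not code from the original page, Cisco, or Palo Alto Networks): it reads a tenant in APIC's JSON object format and reports bridge domains with no VRF, EPGs that do not map one-to-one onto bridge domains, and physical-domain EPGs that lack a static path. It assumes the APIC object-model class names fvTenant, fvCtx, fvBD, fvAp, fvAEPg and their relation classes; the sample tenant, its names and its DNs are constructed.

```python
import json

# Constructed sample in APIC object-model JSON shape; all names and DNs are made up.
SAMPLE = json.loads("""
{"fvTenant": {"attributes": {"name": "fw-tenant"}, "children": [
  {"fvCtx": {"attributes": {"name": "fw-vrf"}}},
  {"fvBD": {"attributes": {"name": "bd-client"}, "children": [
    {"fvRsCtx": {"attributes": {"tnFvCtxName": "fw-vrf"}}}]}},
  {"fvBD": {"attributes": {"name": "bd-server"}, "children": [
    {"fvRsCtx": {"attributes": {"tnFvCtxName": "fw-vrf"}}}]}},
  {"fvAp": {"attributes": {"name": "fw-app"}, "children": [
    {"fvAEPg": {"attributes": {"name": "epg-client"}, "children": [
      {"fvRsBd": {"attributes": {"tnFvBDName": "bd-client"}}},
      {"fvRsDomAtt": {"attributes": {"tDn": "uni/vmmp-VMware/dom-lab"}}}]}},
    {"fvAEPg": {"attributes": {"name": "epg-server"}, "children": [
      {"fvRsBd": {"attributes": {"tnFvBDName": "bd-server"}}},
      {"fvRsDomAtt": {"attributes": {"tDn": "uni/phys-lab"}}}]}}]}}]}}
""")

def kids(obj, cls):
    """Yield (attributes, node) for each direct child of class `cls`."""
    for child in obj.get("children", []):
        if cls in child:
            yield child[cls]["attributes"], child[cls]

def check_tenant(doc):
    """Return a list of findings; an empty list means the layout matches."""
    tenant, findings = doc["fvTenant"], []
    vrfs = {a["name"] for a, _ in kids(tenant, "fvCtx")}
    bds, used = {}, {}
    for a, bd in kids(tenant, "fvBD"):
        bds[a["name"]] = [c["tnFvCtxName"] for c, _ in kids(bd, "fvRsCtx")]
        if not set(bds[a["name"]]) & vrfs:
            findings.append(f"BD {a['name']}: not attached to a VRF in this tenant")
    if len(bds) != 2:
        findings.append(f"expected 2 bridge domains, found {len(bds)}")
    for _, ap in kids(tenant, "fvAp"):
        for a, epg in kids(ap, "fvAEPg"):
            bd = next((c["tnFvBDName"] for c, _ in kids(epg, "fvRsBd")), None)
            if bd not in bds:
                findings.append(f"EPG {a['name']}: bridge domain {bd!r} not in tenant")
            elif bd in used:
                findings.append(f"EPG {a['name']}: shares BD {bd} with {used[bd]}")
            used.setdefault(bd, a["name"])
            doms = [c["tDn"] for c, _ in kids(epg, "fvRsDomAtt")]
            physical = any(d.startswith("uni/phys-") for d in doms)
            if physical and not list(kids(epg, "fvRsPathAtt")):
                findings.append(f"EPG {a['name']}: physical domain without static path")
    return findings
```

On the constructed sample, `check_tenant(SAMPLE)` flags `epg-server`, which sits in a physical domain but has no static path to the leaf port the firewall is connected to.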
