Physical Firewall—Connect the firewall’s out-of-band
management port to one leaf switch port and connect at least one
firewall data interface to the switch. Firewall interfaces on a
physical firewall are configured with VLANs to ensure connectivity
to the correct networks. Deploy the firewall according to the platform-specific installation guide.
VM-Series Firewall—When configuring the virtual hardware
for the VM-Series firewall, set the port-group for the management
interface. Each VM-Series firewall connected to the network requires
its own virtual NIC. Deploy the VM-Series firewall based on
Configure the management IP address on each firewall
Establish Cisco ACI fabric and management connectivity.
As part of this configuration, create a physical domain
and VLAN namespace. Ensure that data interfaces of any physical
firewalls are part of the physical domain.
(VM-Series only) Create a Cisco ACI VMM domain profile.
If you are using virtual machines or the VM-Series firewall,
create a virtual machine monitor (VMM) domain profile for the VMware
vSphere environment. The VMM domain specifies the connectivity policy
between vSphere and the ACI fabric.
Install the Palo Alto Networks device package for Cisco
ACI if you are using Service Manager mode. Do not install this when
using Network Policy mode.