End-of-Life (EoL)

Prepare Your ACI Environment for Integration

Before you can integrate the firewall with a device package, you must complete the following steps to prepare your Cisco ACI environment.
  1. Deploy the firewall.
    • Physical Firewall—Connect the firewall’s out-of-band management port to one leaf switch port and connect at least one firewall data interface to the switch. Firewall interfaces on a physical firewall are configured with VLANs to ensure connectivity to the correct networks. Deploy the firewall according to the platform-specific installation guide.
    • VM-Series Firewall—When configuring the virtual hardware for the VM-Series firewall, set the port-group for the management interface. Each VM-Series firewall connected to the network requires its own virtual NIC. Deploy the VM-Series firewall based on your hypervisor.
  2. Configure the management IP address on each firewall and Panorama.
    Perform initial configuration on:
  3. Add your firewall(s) to Panorama as a managed device.
  4. Install feature licenses on your firewall(s).
  5. Establish Cisco ACI fabric and management connectivity.
    As part of this configuration, create a physical domain and VLAN namespace. Ensure that data interfaces of any physical firewalls are part of the physical domain.
  6. (VM-Series only) Create a Cisco ACI VMM domain profile.
    If you are using virtual machines or the VM-Series firewall, create a virtual machine monitor (VMM) domain profile for the VMware vSphere environment. The VMM domain specifies the connectivity policy between vSphere and the ACI fabric.
  7. Install the Palo Alto Networks device package for Cisco ACI if you are using Service Manager mode. Do not install this when using Network Policy mode.
    1. Login to the APIC.
    2. Select
      L4-L7 Services
      L4-L7 Service Device Types
    3. Select
      Import Device Package
    4. Click
      and locate the Palo Alto Networks Device Package.
    5. Click
    6. Click

Recommended For You