Create Template(s) and Device Group(s)
To manage the VM-Series firewalls for NSX using Panorama, the firewalls must belong to a device group and a template. Device groups allow you to assemble firewalls that need similar policies and objects as a logical unit; the configuration is defined using the
Policiestabs on Panorama. Use templates to configure the settings that are required for the VM-Series firewalls to operate on the network and associate; the configuration is defined using the
Networktabs on Panorama. And each template containing zones used in your NSX configuration on Panorama must be associated with a service definition; at a minimum, you must create a zone within the template so that the NSX Manager can redirect traffic to the VM-Series firewall.
Each virtual wire zone belonging to the NSX-related template becomes available as a
service profileon the Service Composer on the NSX Manager. When you create NSX-related zone on Panorama, Panorama pushes the zone as a part of the template configuration to the firewall, and the firewall automatically creates a pair of virtual wire subinterfaces, for example ethernet1/1.3 and ethernet 1/2.3, to isolate traffic for a tenant or sub-tenant. On the firewall, you can then Create Security Groups and Steering Rules to secure traffic that arrives on the virtual wire subinterface pair that maps to the zone.
If you are new to Panorama, refer to the Panorama Administrator’s Guide for instructions on setting up Panorama.
- Add a device group or a device group hierarchy.
- Select, and clickPanoramaDevice GroupsAdd. You can also create a device group hierarchy.
- Enter a uniqueNameand aDescriptionto identify the device group.
- ClickOK.After the firewalls are deployed and provisioned, they will display underand will be listed in the device group.PanoramaManaged Devices
- ClickCommitand selectPanoramaas theCommit Typeto save the changes to the running configuration on Panorama.
- Add a template or a template stack.
- Select, and clickPanoramaTemplatesAdd. You can also configure a template stack.
- Enter a uniqueNameand aDescriptionto identify the template.
- ClickCommit, and selectPanoramaas theCommit Typeto save the changes to the running configuration on Panorama.
- Create the zone(s) for each template.Each zone is mapped to a service profile on NSX Manager. To qualify, a zone must be of the virtual wire type and in a template or member template of a template stack associated with a service definition.For a single-tenant deployment, create one zone. If you have multi-tenant deployment, create a zone for each sub-tenant.You can add up to 32 zones in each template.
- Select the correct template in theTemplatedrop-down.
- SelectAddand enter a zoneName.
- Set the interfaceTypetoVirtual Wire.
- Verify that the zones are attached to the correct template.
- ClickCommit, and selectPanoramaas theCommit Typeto save the changes to the running configuration on Panorama.Panorama creates a corresponding service profile on NSX Manager for each qualified zone upon commit.
Use Case: Shared Security Policies on Dedicated Compute Inf...
Use Case: Shared Security Policies on Dedicated Compute Infrastructure If you are a Managed Service Provider who needs to secure a large enterprise ( tenant ...
Create Service Definitions
Create Service Definitions Panorama > VMware NSX > Service Definitions A service definition allows you to register the VM-Series firewall as a partner security service ...
Deploy the VM-Series Firewall in a Multi-NSX ManagerEnvironment
Deploy the VM-Series Firewall in a Multi-NSX Manager Environment Whether you are deploying a single NSX Manager or a multi-NSX Manager environment, set up the ...
Use Case: Shared Compute Infrastructure and Shared Security...
Use Case: Shared Compute Infrastructure and Shared Security Policies This use case allows you to logically isolate traffic from two tenants that share an ESXi ...
What is Multi-Tenant Support on the VM-Series Firewall for ...
What is Multi-Tenant Support on the VM-Series Firewall for NSX? Multi-tenancy on the VM-Series firewall enables you to secure more than one tenant or more ...
Create the Service Definitions on Panorama
Create the Service Definitions on Panorama A service definition specifies the configuration for the VM-Series firewalls installed on each host in an ESXi cluster. The ...
Add a Template
Add a Template You must add at least one template before Panorama will display the Device and Network tabs required to define the network set ...
Plan Your Multi-NSX Deployment
Plan Your Multi-NSX Deployment You must carefully plan your device group hierarchy and template stacks and consider how they interact with the other components needed ...
Create and Deploy a Service Graph Template
Create and Deploy a Service Graph Template After creating Panorama and your firewall, you must create a service graph template. A service graph defines the ...