In order to enable the network communication required
to deploy the VM-Series firewall for NSX, you must allow the use
of the following protocols/ports and applications.
Panorama
—To obtain software updates and dynamic
updates, Panorama uses SSL to access updates.paloaltonetworks.com on
TCP/443; this URL leverages the CDN infrastructure. If you need
a single IP address, use staticupdates.paloaltonetworks.com.
The App-ID for updates is paloalto-updates.
The NSX Manager
and Panorama use SSL to communicate on TCP/443.
VM-Series Firewall for NSX
—If you plan to use WildFire,
the VM-Series firewalls must be able to access wildfire.paloaltonetworks.com on
port 443. This is an SSL connection and the App-ID is paloalto-wildfire-cloud.
The
management interface on the VM-Series firewall uses SSL to communicate
with Panorama over TCP/3978.
vCenter Server
The vCenter Server must be able to
reach the deployment web server that is hosting the VM-Series OVA.
The port is TCP/80 by default or App-ID web-browsing.
