Prepare Your ACI Environment for Integration

Before you can integrate the firewall, you must complete the following steps to prepare your Cisco ACI environment.
  1. Deploy the firewall.
    • Physical Firewall—Connect the firewall’s out-of-band management port to one leaf switch port and connect at least one firewall data interface to the switch. Firewall interfaces on a physical firewall are configured with VLANs to ensure connectivity to the correct networks. Deploy the firewall according to the platform-specific installation guide.
    • VM-Series Firewall—When configuring the virtual hardware for the VM-Series firewall, set the port-group for the management interface. Each VM-Series firewall connected to the network requires its own virtual NIC. Deploy the VM-Series firewall based on your hypervisor.
  2. Configure the management IP address on each firewall and Panorama.
    Perform initial configuration on:
  3. Add your firewall(s) to Panorama as a managed device.
  4. Install feature licenses on your firewall(s).
  5. Establish Cisco ACI fabric and management connectivity.
    As part of this configuration, create a physical domain and VLAN namespace. Ensure that data interfaces of any physical firewalls are part of the physical domain.
  6. Create a Cisco ACI VMM domain profile.
    If you are using virtual machines or the VM-Series firewall, create a virtual machine monitor (VMM) domain profile for the VMware vSphere environment. The VMM domain specifies the connectivity policy between vSphere and the ACI fabric.

Recommended For You