Create Template(s), Template Stack(s), and Device Group(s) on Panorama

To manage the VM-Series firewalls for NSX-V using Panorama, the firewalls must belong to a device group and a template that is a member of a template stack. Device groups allow you to assemble firewalls that need similar policies and objects as a logical unit; the configuration is defined using the

Objects

and

Policies

tabs on Panorama. Use template stacks to configure the settings that are required for the VM-Series firewalls to operate on the network and associate; the configuration is defined using the

Device

and

Network

tabs on Panorama. And each template stack with zones used in your NSX-V configuration on Panorama must be associated with a service definition; at a minimum, you must create a zone within the template stack so that the NSX-V Manager can redirect traffic to the VM-Series firewall.

Each virtual wire zone belonging to the NSX-V-related template becomes available as a

service profile

on the Service Composer on the NSX-V Manager. When you create NSX-V-related zone on Panorama, Panorama pushes the zone as a part of the template stack configuration to the firewall, and the firewall automatically creates a pair of virtual wire subinterfaces, for example ethernet1/1.3 and ethernet 1/2.3, to isolate traffic for a tenant or sub-tenant. On the firewall, you can then Create Security Groups and Steering Rules to secure traffic that arrives on the virtual wire subinterface pair that maps to the zone.

If you are new to Panorama, refer to the Panorama Administrator’s Guide for instructions on setting up Panorama.

Add a device group or a device group hierarchy.

Select

Panorama

Device Groups

, and click

Add

. You can also create a device group hierarchy.

Enter a unique

Name

and a

Description

to identify the device group.

Click

After the firewalls are deployed and provisioned, they will display under

Panorama

Managed Devices

and will be listed in the device group.

Click

Commit

and select

Panorama

as the

Commit Type

to save the changes to the running configuration on Panorama.

Add a template.

Select

Panorama

Templates

, and click

Add

Enter a unique

Name

and a

Description

to identify the template.

Click

Commit

, and select

Panorama

as the

Commit Type

to save the changes to the running configuration on Panorama.

Add a template stack.

Select

Panorama

Templates

, and click

Add Stack

Enter a unique

Name

and a

Description

to identify the template stack.

Click

Add

under Templates and select the template you created above.

Click

Commit

, and select

Panorama

as the

Commit Type

to save the changes to the running configuration on Panorama.

Create the zone(s) for each template.

Each zone is mapped to a service profile on NSX-V Manager. To qualify, a zone must be of the virtual wire type and a template associated with a service definition.

For a single-tenant deployment, create one zone. If you have multi-tenant deployment, create a zone for each sub-tenant.

You can add up to 32 zones in each template.

Select

Network

Zones

Select the correct template in the

Template

drop-down.

Select

Add

and enter a zone

Name

Set the interface

Type

Virtual Wire

Click

Verify that the zones are attached to the correct template.

Click

Commit

, and select

Panorama

as the

Commit Type

to save the changes to the running configuration on Panorama.

Panorama creates a corresponding service profile on NSX-V Manager for each qualified zone upon commit.

Document:VM-Series Deployment Guide

Create Template(s), Template Stack(s), and Device Group(s) on Panorama

Create Template(s), Template Stack(s), and Device Group(s) on Panorama

Related Documentation