Create Template(s), Template Stack(s),
and Device Group(s) on Panorama
To manage the VM-Series firewalls for NSX-V
using Panorama, the firewalls must belong to a device group and
a template that is a member of a template stack. Device groups allow
you to assemble firewalls that need similar policies and objects
as a logical unit; the configuration is defined using the
Objects
and
Policies
tabs
on Panorama. Use template stacks to configure the settings that
are required for the VM-Series firewalls to operate on the network
and associate; the configuration is defined using the
Device
and
Network
tabs
on Panorama. And each template stack with zones used in your NSX-V
configuration on Panorama must be associated with a service definition;
at a minimum, you must create a zone within the template stack so
that the NSX-V Manager can redirect traffic to the VM-Series firewall.
Each
virtual wire zone belonging to the NSX-V-related template becomes available
as a
service profile on the Service Composer on the
NSX-V Manager. When you create NSX-V-related zone on Panorama, Panorama pushes
the zone as a part of the template stack configuration to the firewall,
and the firewall automatically creates a pair of virtual wire subinterfaces,
for example ethernet1/1.3 and ethernet 1/2.3, to isolate traffic
for a tenant or sub-tenant. On the firewall, you can then
Create
Security Groups and Steering Rules to secure traffic that
arrives on the virtual wire subinterface pair that maps to the zone.
If
you are new to Panorama, refer to the
Panorama Administrator’s Guide for instructions
on setting up Panorama.
- Add a device group or a device group hierarchy.
- Select , and clickAdd. You can also create a device group hierarchy.
- Enter a uniqueNameand aDescriptionto identify the device group.
- ClickOK.After the firewalls are deployed and provisioned, they will display under and will be listed in the device group.
- ClickCommitand selectPanoramaas theCommit Typeto save the changes to the running configuration on Panorama.
- Add a template.
- Select , and clickAdd.
- Enter a uniqueNameand aDescriptionto identify the template.
- ClickOK.
- ClickCommit, and selectPanoramaas theCommit Typeto save the changes to the running configuration on Panorama.
- Add a template stack.
- Select , and clickAdd Stack.
- Enter a uniqueNameand aDescriptionto identify the template stack.
- ClickAddunder Templates and select the template you created above.
- ClickOK.
- ClickCommit, and selectPanoramaas theCommit Typeto save the changes to the running configuration on Panorama.
- Create the zone(s) for each template.Each zone is mapped to a service profile on NSX-V Manager. To qualify, a zone must be of the virtual wire type and a template associated with a service definition.For a single-tenant deployment, create one zone. If you have multi-tenant deployment, create a zone for each sub-tenant.You can add up to 32 zones in each template.
- Select .
- Select the correct template in theTemplatedrop-down.
- SelectAddand enter a zoneName.
- Set the interfaceTypetoVirtual Wire.
- ClickOK.
- Verify that the zones are attached to the correct template.
- ClickCommit, and selectPanoramaas theCommit Typeto save the changes to the running configuration on Panorama.Panorama creates a corresponding service profile on NSX-V Manager for each qualified zone upon commit.
