Steer Traffic from Guests that are not Running VMware Tools
VMware Tools contains a utility that allows the NSX Manager to collect the IP address(es) of each guest running in the cluster. NSX Manager uses the IP address as a match criterion to steer traffic to the VM-Series firewall. If you do not have VMware tools installed on each guest, the IP address(es) of the guest is unavailable to the NSX Manager and traffic cannot be steered to the VM-Series firewall.
The following steps allow you to manually provision guests without VMware Tools so that traffic from each of these guests can be managed by the VM-Series firewall.
- Create an IP set that includes the guests that
need to be secured by the VM-Series firewall. This IP set will be
used as the source or destination object in an NSX distributed firewall
rule in step Step 2 below.
- Select NSX ManagersManageGrouping ObjectsIP Sets.
- Click Add and enter the IP address of each guest that does not have VMware tools installed, and needs to be secured by the VM-Series firewall. Use commas to separate individual IP addresses; IP ranges or subnets are not valid.
the IP sets to the Security Groups on NSX, to enforce policy.
- Select Networking and SecurityService ComposerSecurity Groups.
- Select Select objects to includeIP Sets, add the IP set object to include.
How Do the Components in the VM-Series Firewall for NSX Solution Work Together?
How Do the Components in the VM-Series Firewall for NSX Solution Work Together? To meet the security challenges in the software-defined data center, the NSX ...
Set Up the VM-Series Firewall on VMware NSX
Set Up the VM-Series Firewall on VMware NSX The VM-Series firewall for VMware NSX is jointly developed by Palo Alto Networks and VMware. This solution ...
VM-Series Firewall for NSX Deployment Checklist
VM-Series Firewall for NSX Deployment Checklist To deploy the VM-Series firewall for NSX, use the following workflow: Step 1: Set up the Components —To deploy ...
Dynamically Quarantine Infected Guests
Dynamically Quarantine Infected Guests Threat and traffic logs in PAN-OS include the source or destination universally unique identifier (UUID) of guest VMs in your NSX ...
Integrated Policy Rules
Integrated Policy Rules Panorama serves as the single point of configuration that provides the NSX Manager with the contextual information required to redirect traffic from ...
Create Steering Rules
Create Steering Rules Panorama > VMware NSX > Steering Rules Steering rules determine what traffic from which guests in the cluster is steered to the ...
Use Case: Shared Security Policies on Dedicated Compute Infrastructure
Use Case: Shared Security Policies on Dedicated Compute Infrastructure If you are a Managed Service Provider who needs to secure a large enterprise ( tenant ...
Deploy the Palo Alto Networks NGFW Service
Deploy the Palo Alto Networks NGFW Service Use the following steps to automate the process of deploying an instance of the VM-Series firewall for NSX ...
Use Case: Shared Compute Infrastructure and Shared Security Policies
Use Case: Shared Compute Infrastructure and Shared Security Policies This use case allows you to logically isolate traffic from two tenants that share an ESXi ...