Deploy the VM-Series Firewall in a Multi-NSX Manager Environment
Whether you are deploying a single NSX Manager
or a multi-NSX Manager environment, set up the connection between
an NSX Manager and Panorama before you continue on to set up the
next NSX Manager with Panorama.
- Install the VMware NSX Plugin version 2.0 as it allows you to connect up to 16 NSX Managers. This version of the plugin allows you to add more than one Service Manager to your VM-Series firewall for NSX configuration on Panorama.
- Enable
Communication Between the NSX Manager and Panorama.
- Create
Template(s) and Device Group(s) on Panorama. Device groups
and template stacks push the security policy and network settings
to the VM-Series firewalls in each ESXi cluster.When configuring policy rules and objects, verify that you have selected the correct device group.
When configuring network and device settings, verify that you have selected the correct template stack.
- Create
the Service Definitions on Panorama and attach them to the
service manager. Each service definition can reference one device
group and one template stack. Panorama supports up to 32 service
definitions across all service managers.
- Configure dynamic address groups or security groups and
redirect traffic to the VM-Series firewall.
- For security-centric deployments Set Up Dynamic Address Groups on Panorama and Create Steering Rules on Panorama.
- For operations-centric deployments Set Up Security Groups on the NSX Manager and Create Steering Rules on NSX Manager.
Verify that you have selected the correct device group so the right steering rules are sent to the corresponding NSX Manager. - Deploy
the Palo Alto Networks NGFW Service on each ESXi cluster
by using the relevant service definitions.
- Repeat this process for each NSX Manager.
- Select and click Add.
- Enable Communication Between the NSX Manager and Panorama.