Deploy the VM-Series Firewall in a Multi-NSX-V
Manager Environment
Whether you are deploying a single NSX-V Manager
or a multi-NSX-V Manager environment, set up the connection between
an NSX-V Manager and Panorama before you continue on to set up the
next NSX-V Manager with Panorama.
- Install the VMware NSX-V Plugin version 2.0 as it allows you to connect up to 16 NSX-V Managers. This version of the plugin allows you to add more than one Service Manager to your VM-Series firewall for NSX-V configuration on Panorama.
- Create Template(s) and Device Group(s) on Panorama. Device groups and template stacks push the security policy and network settings to the VM-Series firewalls in each ESXi cluster.When configuring policy rules and objects, verify that you have selected the correct device group.
When configuring network and device settings, verify that you have selected the correct template stack.
- Create the Service Definitions on Panorama and attach them to the service manager. Each service definition can reference one device group and one template stack. Panorama supports up to 32 service definitions across all service managers.
- Configure dynamic address groups or security groups and redirect traffic to the VM-Series firewall.
- For security-centric deployments Set Up Dynamic Address Groups on Panorama and Create Steering Rules on Panorama.
- For operations-centric deployments Set Up Security Groups on the NSX-V Manager and Create Steering Rules on NSX-V Manager.
Verify that you have selected the correct device group so the right steering rules are sent to the corresponding NSX-V Manager. - Deploy the Palo Alto Networks NGFW Service on each ESXi cluster by using the relevant service definitions.
- Repeat this process for each NSX-V Manager.
- Select and clickAdd.
