Configure the Panorama Plugin for VMware vCenter
After installing the plugin, complete the following procedure to establish a connection between Panorama and vCenter.
For the plugin to monitor virtual machines in your vCenter environment, you must have VMware tools installed. In vCenter, IP addresses of VMs are not externally retrievable; they are only visible through VMware tools.
- Log in to the Panorama web interface.
- Enable monitoring and set the monitoring interval.
- Select.PanoramaVMware vCenterSetupGeneral
- SelectEnable Monitoring. This enables monitoring for all vCenters in your deployment.
- Set theMonitoring Intervalin seconds. The monitoring interval is how often Panorama retrieves updated network information from vCenter. The default value is 60 seconds and has a range of 60 to 84600 seconds.
- Create a notify group.
- Select.PanoramaVMware vCenterSetupNotify Groups
- Enter a descriptiveNamefor your notify group.
- Select the device groups in your vCenter deployment.
- Add vCenter information. The Panorama plugin for VMware vCenter supports up to 16 vCenter instances.
- Select.PanoramaVMware vCenterSetupvCenter
- Enter a descriptiveNamefor your vCenter.
- Enter the IP address or FQDN for vCenter and port, if applicable.
- Enter your vCenter username.
- Enter and confirm your vCenter password.
- ClickValidateto verify that Panorama can connect to vCenter using the login credentials you entered.
- Configure up to 16 Monitoring Definitions.A vCenter instance can be assigned to only one Monitoring Definition.
- Selectand clickPanoramaVMware vCenterMonitoring DefinitionAdd.
- Enter a descriptiveNameand optionally a description to identify the vCenter for which you use this definition.
- Select thevCenterandNotify Group.
- Commityour changes.
- Verify that you can view the VM information on Panorama, and define the match criteria for Dynamic Address Groups.You must use the OR operator when using more than one tag in the match criteria; using the AND operator does not work.
- Verify that addresses in your VMs are added to DAGs.
- Select.PanoramaObjectsAddress Groups
- ClickMorein the Addresses column of a DAG.Panorama displays a list of IP addresses added to that DAG based on the match criteria you specified.
- Use dynamic address groups in policy.
- ClickAddand enter aNameand aDescriptionfor the policy.
- Add theSource Zoneto specify the zone from which the traffic originates.
- Add theDestination Zoneat which the traffic is terminating.
- For theDestination Address, select the Dynamic address group you just created.
- Specify the action—AlloworDeny—for the traffic, and optionally attach the default security profiles to the rule.
- Repeats Steps 1 through 6 to create another policy rule.
- You can update the dynamic objects from vCenter at any time by synchronizing dynamic objects. Synchronizing dynamic objects enables you to maintain context on changes in the virtual environment and allows you to enable applications by automatically updating the Dynamic Address Groups used in policy rules.
- Select.PanoramaVMware vCenterMonitoring Definition
- ClickSynchronize Dynamic Objects.
- If a firewall in your vCenter deployment restarts or disconnects from Panorama, that firewall goes out of sync with the Panorama plugin for vCenter and no receive updates. After the firewall reconnects with Panorama, you must manually synchronize Panorama and the firewall.
- Log in to the Panorama CLI.
- Execute the following command.admin@Panorama> request plugins vmware_vcenter sync
About VM Monitoring on VMware vCenter
About VM Monitoring on VMware vCenter The Panorama plugin for VMware vCenter gives you the tools to build policy for your vCenter environment using Dynamic ...
VM Monitoring on vCenter
VM Monitoring on vCenter Install and configure the Panorama plugin for VMware vCenter to retrieve the IP addresses for guests in your vCenter environment and ...
Configure the Cisco ACI Plugin
Configure the Cisco ACI Plugin Establish a connection between Panorama and the APIC. After installing the plugin, you must set the monitoring interval, configure a ...
Install the Panorama Plugin for VMware vCenter
Install the Panorama Plugin for VMware vCenter To get started with endpoint monitoring on vCenter, download and install the Panorama Plugin for VMware vCenter. If ...
Enable VM Monitoring to Track Changes on the Virtual Network
Enable VM Monitoring to Track Changes on the Virtual Network VM information sources provides an automated way to gather information on the Virtual Machine (VM) ...
Set Up the AWS Plugin for VM Monitoring on Panorama
Set Up the AWS Plugin for VM Monitoring on Panorama Get started with installing the AWS plugin and configure it for monitoring your EC2 instances ...
Set Up the Azure Plugin for VM Monitoring on Panorama
Set Up the Azure Plugin for VM Monitoring on Panorama To start collecting IP address-to-tag mapping, set up the VM Monitoring agent to execute as ...
Device > VM Information Sources
Device > VM Information Sources Use this tab to proactively track changes on the Virtual Machines (VMs) deployed on any of these sources—VMware ESXi server, ...
Create a VLAN Pool and Domain
Create a VLAN Pool and Domain Configure the VLAN pool that will be used to allocate VLANs to the firewall when you attach interfaces to ...