Deploy the VM-Series Firewall

Learn how to deploy the VM-Series firewall on VMware NSX-T.
After completing the configuration on Panorama, perform the following procedure to launch the VM-Series firewall in your NSX-T Data Center.
  1. Log in to NSX-T Manager.
  2. Select
    Advanced Networking & Security
    Partner Services
    Catalog
    .
  3. Select the
    Registered Service
    that matches the service definition to be deployed.
  4. Select the VM-Series firewall image from the drop-down in the Registered Service entry.
    nsxt-registered-services.png
  5. Click
    Deploy
    under the registered service for the service definition you want to use to launch the firewall.
  6. Click
    Proceed
    .
  7. Enter the Partner Service details. This information tells NSX-T Manager which Partner Service and logical router to use when deploying the VM-Series firewall.
    1. Enter a descriptive
      Instance Name
      for your VM-Series firewall.
    2. NSX-T Manager prepopulates the
      Partner Service
      field. Selecting a Partner Service populates the
      Deployment Specification
      field.
    3. Click the
      Logical Router
      field and select a tier-0 or tier-1 router. NSX-T Manager attaches the VM-Series firewall to the selected router and redirects traffic passing through that router to the VM-Series firewall for inspection. You must select a router with no service insertion attached.
    4. Click
      Next
      .
      nsxt-partner-service-config.png
  8. Configure resource and storage settings.
    1. Select a
      Compute Manager
      . The compute manager is the vCenter server managing your datacenter.
    2. Select a
      Cluster
      . You can deploy the VM-Series firewall on any cluster that does not include any Edge Transport Nodes.
    3. (
      Optional
      ) Select the Resource Pool if you have created any on vCenter server.
    4. Select a
      Datastore
      .
      nsxt-partner-service-instance-config-1.png
    5. Select the
      Deployment Mode
      for your VM-Series firewall—Standalone or High Availability.
    6. Set the
      Failure Policy
      to Allow or Block. The failure policy defines how NSX-T Manager handles traffic that is directed to the VM-Series firewall if the firewall becomes unavailable.
    7. Enter the
      IP Address,
      Gateway
      ,
      Subnet Mask
      , and
      Network ID
      for the VM-Series firewall management port.
    8. If you are deploying the VM-Series firewall in HA mode, repeat the previous step for secondary firewall instance.
    9. Click
      Next
      .
      nsxt-partner-service-instance-config-2.png
  9. Click on the
    Deployment Template
    field and select a deployment template. Choosing a deployment template automatically populates the template properties.
    Do not edit the Template Property settings
    .
    nsxt-partner-service-advanced-config.png
  10. Click
    Finish
    to deploy the VM-Series firewall.

Recommended For You