Deploy the VM-Series Firewall

Learn how to deploy the VM-Series firewall on VMware NSX-T.
After completing the configuration on Panorama, perform the following procedure to launch the VM-Series firewall in your NSX-T Data Center.
  1. Log in to NSX-T Manager.
  2. Select
    Advanced Networking & Security
    Partner Services
    Catalog
    .
  3. Select the
    Registered Service
    that matches the service definition to be deployed.
  4. Select the VM-Series firewall image from the drop-down in the Registered Service entry.
  5. Click
    Deploy
    under the registered service for the service definition you want to use to launch the firewall.
  6. Click
    Proceed
    .
  7. Enter the Partner Service details. This information tells NSX-T Manager which Partner Service and logical router to use when deploying the VM-Series firewall.
    1. Enter a descriptive
      Instance Name
      for your VM-Series firewall.
    2. NSX-T Manager prepopulates the
      Partner Service
      field. Selecting a Partner Service populates the
      Deployment Specification
      field.
    3. Click the
      Logical Router
      field and select a tier-0 or tier-1 router. NSX-T Manager attaches the VM-Series firewall to the selected router and redirects traffic passing through that router to the VM-Series firewall for inspection. You must select a router with no service insertion attached.
    4. Click
      Next
      .
  8. Configure resource and storage settings.
    1. Select a
      Compute Manager
      . The compute manager is the vCenter server managing your datacenter.
    2. Select a
      Cluster
      . You can deploy the VM-Series firewall on any cluster that does not include any Edge Transport Nodes.
    3. (
      Optional
      ) Select the Resource Pool if you have created any on vCenter server.
    4. Select a
      Datastore
      .
    5. Select the
      Deployment Mode
      for your VM-Series firewall—Standalone or High Availability. If you have an edge node cluster and select High Availability, NSX-T Manager will deploy an additional VM-Series firewall on the standby edge node in addition to the firewall deployed on the active edge node.
    6. Set the
      Failure Policy
      to Allow or Block. The failure policy defines how NSX-T Manager handles traffic that is directed to the VM-Series firewall if the firewall becomes unavailable.
    7. Enter the
      IP Address,
      Gateway
      ,
      Subnet Mask
      , and
      Network ID
      for the VM-Series firewall management port.
    8. If you are deploying the VM-Series firewall in HA mode, repeat the previous step for secondary firewall instance.
    9. Click
      Next
      .
  9. Click on the
    Deployment Template
    field and select a deployment template. Choosing a deployment template automatically populates the template properties.
    Do not edit the Template Property settings
    .
  10. Click
    Finish
    to deploy the VM-Series firewall.

Recommended For You