Enable Communication Between the NSX Manager and Panorama
To automate the provisioning of the VM-Series firewall for NSX, enable communication between the NSX Manager and Panorama. This is a one-time setup, and only needs to be modified if the IP address of the NSX Manager changes or if the capacity license for deploying the VM-Series firewall is exceeded.
- Log in to the Panorama web interface.Using a secure connection (https) from a web browser, log in using the IP address and password you assigned during initial configuration (https://<IP address>).
- Set up access to the NSX Manager.
- Select PanoramaVMware NSXService Managers and click Add.
- Enter the Service Manager Name.On the NSX Manager, this name displays in the Service Manager column on Networking & SecurityService DefinitionsService Managers.
- (Optional) Add a Description that identifies the VM-Series firewall as a service.
- Enter the NSX Manager URL—IP address or FQDN—at which to access the NSX Manager.
- Enter the NSX Manager Login credentials—username
and password, so that Panorama can authenticate to the NSX Manager.The ampersand (&) special character is not supported in the NSX manager account password. If a password includes an ampersand, the connection between Panorama and NSX manager fails.If you change your NSX Manager login password, ensure that you update the password on Panorama immediately. An incorrect password breaks the connection between Panorama and NSX Manager. Panorama does not receive updates about changes to your deployment while disconnected from NSX Manager.
- Click OK.
- Commit your changes to Panorama.Select Commit and Commit Type: Panorama.
- Verify the connection status on Panorama.To view the connection status between Panorama and the NSX Manager.
- Select PanoramaVMware NSXService Managers.
- Verify the message in the Status column.When the connection is successful, the status displays as Registered. This indicates that Panorama and the NSX Manager are in sync and the VM-Series firewall is registered as a service on the NSX Manager.The unsuccessful status messages are:
- Not connected: Unable to reach/establish a network connection to the NSX Manager.
- Not authorized: The access credentials (username and/or password) are incorrect.
- Not registered: The service, service manager, or service profile is unavailable or was deleted on the NSX Manager.
- Out of sync: The configuration settings defined on Panorama are different from what is defined on the NSX Manager.Click the link for details on the reasons for failure. For example, NSX Manager may have a service definition with the same name as defined on Panorama. To fix the error, use the service definition name listed in the error message to validate the service definition on the NSX Manager. Until the configuration on Panorama and the NSX Manager is synchronized, you cannot add a new service definition on Panorama.
- No service/ No service profile: Indicates an incomplete configuration on the NSX Manager.
- Verify that the firewall is registered as a service on
the NSX Manager.
- On the vSphere web client, select Networking & SecurityService DefinitionsService Managers.
- Verify that Palo Alto Networks displays as a vendor in the list of services available for installation.
- If you are running VMware NSX plugin 2.0.4 or later,
you can configure Panorama to automatically synchronize dynamic
objects with NSX manager as if you issued an Synchronize
Dynamic Objects. By default, the DAG Sync interval is
disabled and the value is set to zero (0). To enable the DAG Sync,
set the interval between one hour and 72 hours. Setting a value
of zero hours disables the DAG sync. To configure or disable the
interval, complete the following procedure.
- Log in to the Panorama CLI.
- Execute the following command.request plugins vmware_nsx dag-sync-interval interval <interval-in-hours>You can view the configured value with the following show command.show plugins vmware_nsx dag-sync-interval
Configure Access to the NSX Manager
Configure Access to the NSX Manager Panorama > VMware NSX > Service Managers To enable Panorama to communicate with the NSX Manager, Add and configure ...
Deploy the VM-Series Firewall in a Multi-NSX Manager Environment
Deploy the VM-Series Firewall in a Multi-NSX Manager Environment Whether you are deploying a single NSX Manager or a multi-NSX Manager environment, set up the ...
Create the Service Definitions on Panorama
Create the Service Definitions on Panorama A service definition specifies the configuration for the VM-Series firewalls installed on each host in an ESXi cluster. The ...
How Do the Components in the VM-Series Firewall for NSX Solution Work Together?
How Do the Components in the VM-Series Firewall for NSX Solution Work Together? To meet the security challenges in the software-defined data center, the NSX ...
Register the VM-Series Firewall as a Service on the NSX Manager
Register the VM-Series Firewall as a Service on the NSX Manager You need to enable communication between Panorama and the NSX Manager and then register ...
VM-Series Firewall for NSX Deployment Checklist
VM-Series Firewall for NSX Deployment Checklist To deploy the VM-Series firewall for NSX, use the following workflow: Step 1: Set up the Components —To deploy ...
Create Service Definitions
Create Service Definitions Panorama > VMware NSX > Service Definitions A service definition allows you to register the VM-Series firewall as a partner security service ...
Panorama Panorama is used to register the VM-Series firewall for NSX as the Palo Alto Networks NGFW service on the NSX Manager. Registering the Palo ...
Dynamically Quarantine Infected Guests
Dynamically Quarantine Infected Guests Threat and traffic logs in PAN-OS include the source or destination universally unique identifier (UUID) of guest VMs in your NSX ...