Create Template Stacks and Device Groups on Panorama

To manage the VM-Series firewalls for NSX-T using Panorama, the firewalls must belong to a device group and a template that is a member of a template stack. Device groups allow you to assemble firewalls that need similar policies and objects as a logical unit; the configuration is defined using the
Objects
and
Policies
tabs on Panorama. Use template stacks to configure the settings that are required for the VM-Series firewalls to operate on the network and associate; the configuration is defined using the
Device
and
Network
tabs on Panorama. And each template stack with zones used in your NSX-T configuration on Panorama must be associated with a service definition; at a minimum, you must create a zone within the template stack so that the NSX-T Manager can redirect traffic to the VM-Series firewall.
Panorama can support deployments of both NSX-T North-South and NSX-T East-West at the same time. It is recommend that you configure separate device groups, template stacks, and service definitions for NSX-T North-South and NSX-T East-West.
  1. Add a device group or a device group hierarchy.
    1. Select
      Panorama
      Device Groups
      , and click
      Add
      . You can also create a device group hierarchy.
    2. Enter a unique
      Name
      and a
      Description
      to identify the device group.
    3. Click
      OK
      .
    4. Click
      Commit
      and select
      Panorama
      as the
      Commit Type
      to save the changes to the running configuration on Panorama.
  2. Add a template.
    1. Select
      Panorama
      Templates
      , and click
      Add
      .
    2. Enter a unique
      Name
      and a
      Description
      to identify the template.
    3. Click
      OK
      .
    4. Click
      Commit
      , and select
      Panorama
      as the
      Commit Type
      to save the changes to the running configuration on Panorama.
  3. Create a template stack.
    1. Select
      Panorama
      Templates
      , and click
      Add Stack
      .
    2. Enter a unique
      Name
      and a
      Description
      to identify the template.
    3. Click
      OK
      .
    4. Click
      Commit
      , and select
      Commit to Panorama
      to save the changes to the running configuration on Panorama.
  4. Create the zone(s) for each template.
    Each zone is mapped to a service profile on NSX-T Manager. To qualify, a zone must be of the virtual wire type and a template associated with a service definition.
    You can add up to 32 zones in each template.
    1. Select
      Network
      Zones
      .
    2. Select the correct template in the
      Template
      drop-down.
    3. Select
      Add
      and enter a zone
      Name
      .
    4. Set the interface
      Type
      to
      Virtual Wire
      .
    5. Click
      OK
      .
    6. Verify that the zones are attached to the correct template.
      nsxt-ew-zones-in-template.png
    7. Click
      Commit
      , and select
      Panorama
      as the
      Commit Type
      to save the changes to the running configuration on Panorama.
      Panorama creates a corresponding service profile on NSX-T Manager for each qualified zone upon commit.

Recommended For You