1. Home
    2. VM-Series
    3. VM-Series Deployment Guide
    4. Set Up the VM-Series Firewall on VMware NSX
    5. Set Up the VM-Series Firewall on VMware NSX-T (North-South)
    6. Deploy the VM-Series Firewall on NSX-T (North-South)
    7. Create Template Stacks and Device Groups on Panorama

    Create Template Stacks and Device Groups on Panorama

    To manage the VM-Series firewalls on NSX-T using Panorama, the firewalls must belong to a device group and a template stack. Device groups allow you to assemble firewalls that need similar policies and objects as a logical unit; the configuration is defined using the
    Objects
     and
    Policies
     tabs on Panorama. Use template stacks to configure the settings that are required for the VM-Series firewalls to operate on the network; the configuration is defined using the
    Device
     and
    Network
     tabs on Panorama. Each template stack used in your NSX-T configuration must be associated with a service definition.
    Firewalls deployed in NSX-T have two default zones and two interfaces configured in virtual-wire mode. Ethernet1/1 is part of zone
    south
     and ethernet1/2 is part of zone
    north
    . To push policy rules from Panorama to managed firewalls, you must configure zones and interfaces matching those on the firewall in the corresponding template stack on Panorama.
    1. Add a device group or a device group hierarchy.
      1. Select
        Panorama
        Device Groups
        , and click
        Add
        . You can also create a device group hierarchy.
      2. Enter a unique
        Name
         and a
        Description
         to identify the device group.
      3. Click
        OK
        .
      4. Click
        Commit
         and select
        Panorama
         as the
        Commit Type
         to save the changes to the running configuration on Panorama.
    2. Add a template.
      1. Select
        Panorama
        Templates
        , and click
        Add
        .
      2. Enter a unique
        Name
         and a
        Description
         to identify the template.
      3. Click
        OK
        .
      4. Click
        Commit
        , and select
        Panorama
         as the
        Commit Type
         to save the changes to the running configuration on Panorama.
    3. Create a template stack.
      1. Select
        Panorama
        Templates
        , and click
        Add Stack
        .
      2. Enter a unique
        Name
         and a
        Description
         to identify the template.
      3. Click
        Add
         to add the template you created previously.
      4. Click
        OK
        .
      5. Click
        Commit
        , and select
        Commit to Panorama
         to save the changes to the running configuration on Panorama.
    4. Configure the virtual wire, interfaces, and zones. Ensure that you select the correct template from the drop-down shown below. The objects you create must meet the following criteria:
      If you change the default virtual wire or zone names, the virtual wire and zones on Panorama must match the names used on the firewall.
      • Use
        ethernet1/1
         and
        ethernet1/2
        .
      • The virtual wire object named
        vw1
        .
      • The first zone named
        south
        , type
        virtual-wire
        , and contain
        ethernet1/1
        .
      • The second zone named
        north
        , type
        virtual-wire
        , and contain
        ethernet1/2
        .
      Repeat this process for each template in your deployment.
      nsxt-interface-configs.png
    5. Click
      Commit
      , and select
      Panorama
       as the
      Commit Type
       to save the changes to the running configuration on Panorama.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2020 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo