If you are moving from an NSX-V deployment to an NSX-T deployment or
combining an NSX-T deployment with an NSX-V deployment, you can
extend your existing security policy from NSX-V to NSX-T without
having to recreate the policy rules. This is achieved by leveraging
your existing device groups and sharing them between the NSX-V and NSX-T
service definitions. After migrating your policy to NSX-T, you can
continue using the VM-Series for NSX-V or remove your NSX-V deployment.

Configure an NSX-T service definition for each NSX-V service definition
in your deployment.
Do not create new device groups; instead use your existing NSX-V device
groups. Using the existing device groups allows you to apply the
same security policy rules used on NSX-V to the VM-Series firewalls
deployed on NSX-T. If you have policy that references a particular
zone, add the same template stack from your NSX-V service definition
to your NSX-T service definition. Additionally, if your device group references
a particular template, ensure that you select the template stack
that includes the template referenced in the device group.

Configure an NSX-T service manager and associate the
NSX-T service definitions to the service manager.

Prepare your NSX-T environment and deploy the VM-Series
firewall. You must create your security groups, service chains,
and traffic redirection policy before launching the VM-Series firewall.

Add the NSX-T tags to your existing dynamic address groups.
Click on the name of an existing NSX-V dynamic address group.
Use Add Match Criteria to display the tags from NSX-V and NSX-T.
Add the NSX-T tag to the dynamic address groups. Be sure to use the
operator between the tags.
When you have added all the necessary tags, click

After your VM workloads have successfully migrated from
NSX-V to NSX-T, you can remove the NSX-V tags from your dynamic address
groups if you plan to discontinue use of NSX-V. All NSX-V tags and
corresponding IP addresses are unregistered after all NSX-V related
configuration is removed from the Panorama plugin for NSX and VM-Series
firewall configuration is removed from NSX-V manager.
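
The service-definition step above can be checked before deployment. The following is an added example, not Palo Alto Networks code: it audits a planned migration for NSX-V device groups with no NSX-T service definition, NSX-T definitions that point at a newly created device group, and template stack mismatches where rules reference a zone. The inventory layout, field names and all values are constructed for illustration and are not a Panorama export format.

```python
# Constructed sample inventory; field names are hypothetical, not a Panorama format.
NSXV_DEFS = [
    {"name": "v-web", "device_group": "dg-web", "template_stack": "ts-web"},
    {"name": "v-db", "device_group": "dg-db", "template_stack": "ts-db"},
    {"name": "v-app", "device_group": "dg-app", "template_stack": "ts-app"},
]
NSXT_DEFS = [
    {"name": "t-web", "device_group": "dg-web", "template_stack": "ts-web"},
    {"name": "t-db", "device_group": "dg-db", "template_stack": "ts-db-new"},
    {"name": "t-app", "device_group": "dg-app-nsxt", "template_stack": "ts-app"},
]
# Device groups whose rules reference a zone, so the template stack must match.
ZONE_DEPENDENT_GROUPS = {"dg-db"}


def audit_migration(nsxv_defs, nsxt_defs, zone_dependent_groups):
    """Return a sorted list of (finding, service_definition_name) tuples."""
    findings = []
    v_by_group = {d["device_group"]: d for d in nsxv_defs}
    t_by_group = {}
    for d in nsxt_defs:
        t_by_group.setdefault(d["device_group"], []).append(d)

    for group, v_def in v_by_group.items():
        t_defs = t_by_group.get(group, [])
        if not t_defs:
            # No NSX-T definition shares this device group, so its
            # policy rules would not reach the firewalls on NSX-T.
            findings.append(("missing_nsxt_definition", v_def["name"]))
        for t_def in t_defs:
            stack_differs = t_def["template_stack"] != v_def["template_stack"]
            if group in zone_dependent_groups and stack_differs:
                findings.append(("template_stack_mismatch", t_def["name"]))

    # NSX-T definitions using a device group unknown to NSX-V carry no shared policy.
    for group, t_defs in t_by_group.items():
        if group not in v_by_group:
            findings.extend(("new_device_group", d["name"]) for d in t_defs)
    return sorted(findings)


if __name__ == "__main__":
    for finding, name in audit_migration(NSXV_DEFS, NSXT_DEFS, ZONE_DEPENDENT_GROUPS):
        print(f"{finding}: {name}")
```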