Supported Deployments of the VM-Series Firewall on VMware NSX-T (North-South)

You can deploy one or more instances of the VM-Series firewall as a partner service in your VMware NSX-T Data Center. Attach a VM-Series firewall to any tier-0 or tier-1 logical router to protect north-south traffic. You can deploy the VM-Series firewall as standalone service instance or two firewalls in a high-availability (HA) pair. Panorama manages the connection with NSX-T Manager and the VM-Series firewalls deployed in your NSX-T software-defined datacenter.
nsxt-north-south-insertion.png
  • Tier-0 Insertion—Tier-0 insertion deploys a VM-Series firewall to a tier-0 logical router, which processes traffic between logical and physical networks. When you deploy the VM-Series firewall with tier-0 insertion, NSX-T Manager uses the deployment information you configured on Panorama to attach a firewall to a tier-0 logical router in virtual wire mode.
  • Tier-1 Insertion—Tier-1 insertion deploys a VM-Series firewall to a tier-1 logical router, which provides downlink connections to segments and uplink connection to tier-0 logical routers. NSX-T Manager attaches VM-Series firewalls deployed with tier-1 insertions to a tier-1 logical router in virtual wire mode.
After deploying the firewall, you configure traffic redirection rules that send traffic to the VM-Series firewall when crossing a tier-0 or tier-1 router. Security policy rules that you configure on Panorama are pushed to managed VM-Series firewalls and then applied to traffic passing through the firewall.

Recommended For You