How Do The Components Work Together - PaloAlto Networks VM-100 Deployment Manual

The VM-Series NSX Edition Firewall VM-Series NSX Edition Firewall Overview

How Do the Components Work Together?

To meet the security challenges in the software-defined datacenter, the NSX Manager, ESXi servers and
Panorama work harmoniously to automate the deployment of the VM-Series firewall.
1. Register the Palo Alto Networks NGFW service—The first step is to register the Palo Alto Networks
NGFW as a service on the NSX Manager. The registration process uses the NetX management plane API to
enable bi-directional communication between Panorama and the NSX Manager. Panorama is configured with
the IP address and access credentials to initiate a connection and register the Palo Alto Networks NGFW service
on the NSX Manager. The configuration includes the URL for accessing the VM-Series base image that is
required to deploy the VM-Series NSX edition firewall, the authorization code for retrieving the license and the
device group to which the VM-Series firewalls will belong. The NSX manager uses this management plane
connection to share updates on the changes in the virtual environment with Panorama.
2. Deploy the VM-Series automatically from NSX—The NSX Manager collects the VM-Series base image
from the URL specified during registration and installs an instance of the VM-Series firewall on each ESXi host
in the ESXi cluster. From a static management IP pool (that you define on the NSX Manager), a management
IP address is assigned to the VM-Series firewall and the Panorama IP address is provided to the firewall. When
the firewall boots up, the NetX dataplane integration API connects the VM-Series firewall to the hypervisor so
that it can receive traffic from the vSwitch.
VM-Series Deployment Guide 45