Table of Contents
Advertisement
The VM-Series NSX Edition Firewall
Deploy the VM-Series NSX Edition Firewall
To deploy the NSX edition of the VM-Series firewall, use the following workflow:
Step 1: Set up the Components—To deploy the VM-Series NSX edition, set up the following
components:
–
Set up the vCenter server, install and register the NSX Manager with the vCenter server.
If you have not already set up the virtual switch(es) and grouped the ESXi hosts in to clusters, refer to
the VMware documentation for instructions on setting up the vSphere environment. This document
does not take you through the process of setting up the VMware components of this solution.
–
Upgrade Panorama to version 6.0.
to Panorama, refer to the
–
Download and save the ovf template for the NSX edition of the VM-Series firewall on a web server.
The NSX Manager must have network access to this web server so that it can deploy the VM-Series
firewall as needed. You cannot host the ovf template on Panorama.
Step
2:
Register—Configure Panorama to register the VM-Series firewall as a service on the NSX
Manager. When registered, the VM-Series firewall is added to the list of network services that can be
transparently deployed as a service by the NSX Manager.
The connection between Panorama and the NSX Manager is also required for licensing and configuring the
firewall.
Step 3:
Deploy the Firewalls
redirect traffic to the VM-Series firewall and to secure the traffic that is redirected to the firewall.
–
(On the NSX Manager) Define the IP address pool. An IP address from the defined range is assigned
to the management interface of each instance of the VM-Series firewall.
–
(On the NSX Manager) Deploy the VM-Series firewall. The NSX Manager automatically deploys an
instance of the VM-1000-HV on each ESXi host in the cluster.
–
(On the NSX Manager) Set up the service composer and create security groups. A security group
assembles the specified guests/applications so that you can apply policy to the group.
–
(On Panorama) Apply policies to the VM-Series firewall. From Panorama, you define, push, and
administer policies centrally on all the VM-Series firewalls. On Panorama, create Dynamic Address
Groups for each security group and reference the Dynamic Address Groups in policy, and then push
the policies to the managed firewalls.
This centralized administration mechanism allows you to secure guests/applications with minimal
administrative intervention.
–
(On the NSX Manager) Define the network introspection rules that redirect traffic to the VM-Series
firewall.
Step 4: Monitor and Maintain Network Security—Panorama provides a comprehensive, graphical
view of network traffic. Using the visibility tools on Panorama—the Application Command Center (ACC),
logs, and the report generation capabilities—you can centrally analyze, investigate and report on all
network activity, identify areas with potential security impact, and translate them into secure application
enablement policies. Refer to the
VM-Series
Deployment
Guide
Create a Device Group and Template on
Panorama Administrator's Guide
and
Create
Policies—Install the VM-Series firewall and create policies to
Panorama Administrator's Guide
Deploy the VM-Series NSX Edition Firewall
Panorama. If you are new
for instructions on setting up Panorama.
for more information.
51
Hide quick links:
Advertisement
Table of Contents
