The VM-Series NSX Edition Firewall
Deploy the VM-Series Firewall
After registering the VM-Series firewall as a service (Palo Alto Networks NGFW) on the NSX Manager,
complete the following tasks on the NSX Manager.
Define an IP Address Pool
Specify the Port Groups from Which to Redirect Traffic
Prepare the ESXi Host for the VM-Series Firewall
Deploy the Palo Alto Networks NGFW Service
Define an IP Address Pool
The IP pool is a range of (static) IP addresses that are reserved for establishing management access to the
VM-Series firewalls. When the NSX Manager deploys a new VM-Series firewall, the first available IP address
from this range is assigned to the management interface of the firewall.
Define an IP Pool
To add or verify that the IP pool is defined:
1.
In the
Networking & Security Inventory
of the NSX Manager.
2.
Select
Manage > Grouping Objects > IP Pools
3.
Click
and specify the network access details requested in the screen including the range of static IP
Add IP Pool
addresses that you want to use for the Palo Alto Networks NGFW.
Specify the Port Groups from Which to Redirect Traffic
So that the NSX Manager can redirect traffic to the VM-Series firewall, you must select the port groups or
logical networks for which the VM-Series firewall must secure traffic.
The port groups are defined on the Palo Alto Networks NGFW service profile. The Palo Alto Networks
NGFW service profile simplifies the process of deploying the VM-Series firewall; once configured, the data
traffic from the selected port group will be checked against the NSX security policies. If NSX security policies
are defined and a policy match occurs for the traffic, the traffic is redirected to the VM-Series firewall.
VM-Series
Deployment
Guide
, select the
, and double click to open the configuration details
NSX Manager
.
Deploy the VM-Series NSX Edition Firewall
55