: Use the Post Rulebase to Define NSX-T Steering Rules
Focus
Focus

Use the Post Rulebase to Define NSX-T Steering Rules

Table of Contents
End-of-Life (EoL)

Use the Post Rulebase to Define NSX-T Steering Rules

  1. Create security rules.
    1. In Panorama, select PoliciesSecurityPost Rules.
    2. Verify that you are configuring the security rules in a device group associated with an NSX-T service definition.
    3. Click on the name of a security rule to edit.
    4. Set the Rule Type to intrazone (Devices with PAN-OS 6.1 or later).
    5. In the Source tab, set the source zone to the zone from the template stack associated with the service definition. Then select a dynamic address group you created previously as the Source Address. Do not add any static address groups, IP ranges, or netmasks as a Source Address.
    6. In the Destination tab, Panorama does not allow you to set a destination zone because you set the rule type to intrazone. Then select a dynamic address group you created previously as the Destination Address. Do not add any static address groups, IP ranges, or netmasks as a Destination Address.
    7. Click OK.
    8. Repeat steps 1 through 7 for each steering rule you require.
  2. Commit your changes to Panorama.
  3. Apply Security Policies to the VM-Series Firewall on NSX-T (East-West).