: Deploy the VM-Series Firewall in a Multi-NSX Manager Environment
Focus
Focus

Deploy the VM-Series Firewall in a Multi-NSX Manager Environment

Table of Contents
End-of-Life (EoL)

Deploy the VM-Series Firewall in a Multi-NSX Manager Environment

Whether you are deploying a single NSX-V Manager or a multi-NSX Manager environment, set up the connection between an NSX-V Manager and Panorama before you continue on to set up the next NSX-V Manager with Panorama.
  1. Install the VMware NSX Plugin version 2.0 as it allows you to connect up to 16 NSX-V Managers. This version of the plugin allows you to add more than one Service Manager to your VM-Series firewall for NSX-V configuration on Panorama.
  2. Enable Communication Between the NSX-V Manager and Panorama.
  3. Create Template(s), Template Stack(s), and Device Group(s) on Panorama. Device groups and template stacks push the security policy and network settings to the VM-Series firewalls in each ESXi cluster.
    When configuring policy rules and objects, verify that you have selected the correct device group.
    When configuring network and device settings, verify that you have selected the correct template stack.
  4. Create the Service Definitions on Panorama and attach them to the service manager. Each service definition can reference one device group and one template stack. Panorama supports up to 32 service definitions across all service managers.
  5. Configure dynamic address groups or security groups and redirect traffic to the VM-Series firewall.
    Verify that you have selected the correct device group so the right steering rules are sent to the corresponding NSX-V Manager.
  6. Deploy the Palo Alto Networks NGFW Service on each ESXi cluster by using the relevant service definitions.
  7. Repeat this process for each NSX-V Manager.
    1. Select PanoramaVMwareNSX-VService Managers and click Add.
    2. Enable Communication Between the NSX-V Manager and Panorama.