About the VM-Series Firewall on vCloud Air

Where Can I Use This? What Do I Need?
  • vCloud Air
  • VM-Series Firewall License (BYOL)
  • Panorama
  • VM-Series Plugin
You can deploy the VM-Series firewall in a virtual data center (vDC) on VMware vCloud Air using either the vCloud Air portal or the vCloud Director portal. To centrally manage all your physical and VM-Series firewalls, you can use an existing Panorama or deploy a new Panorama on premises or on vCloud Air.
The VM-Series firewall on vCloud Air requires the following:
  • ESXi version of the software image, an Open Virtualization Alliance (OVA) file, from the Palo Alto Networks Customer Support web site. Currently, the vCloud Air Marketplace does not host the software image.
    To deploy the VM-Series firewall efficiently, include the firewall software image in a vApp. A vApp is a container for preconfigured virtual appliances (virtual machines and operating system images) that is managed as a single object. For example, if your vApp includes a set of multi-tiered applications and the VM-Series firewall, each time you deploy the vApp, the VM-Series firewall automatically secures the web server and database server that get deployed with the vApp.
  • License and subscriptions purchased from a partner, reseller, or directly from Palo Alto Networks, in the Bring Your Own License (BYOL) model; usage-based licensing for the VM-Series on vCloud Air is not available.
  • Due to the security restrictions imposed on vCloud Air, the VM-Series firewall on vCloud Air is best deployed with Layer 3 interfaces, and the interfaces must be enabled to use the hypervisor-assigned MAC address. If you do not enable the hypervisor-assigned MAC address, the VMware vSwitch cannot forward traffic to the dataplane interfaces on the VM-Series firewall, because the vSwitch on vCloud Air does not support promiscuous mode or MAC forged transmits. The VM-Series firewall cannot be deployed with tap interfaces, Layer 2 interfaces, or virtual wire interfaces.
The VM-Series firewall on vCloud Air can be deployed in an active/passive high availability configuration. However, the VM-Series firewall on vCloud Air does not support VM Monitoring capabilities for virtual machines that are hosted on vCloud Air.
To learn all about vCloud Air, refer to the VMware vCloud Air documentation.