48 VM-Series Deployment Guide
VM-Series NSX Edition Firewall Overview Set Up a VM-Series NSX Edition Firewall
NSX Manager
NSX is VMware’s network virtualization platform that is completely integrated with vSphere. The NSX Firewall
and the Service Composer are key features of the NSX Manager. The NSX firewall is a logical firewall that allows
you to attach network and security services to the virtual machines, and the Service Composer allows you to
group virtual machines and create policy to redirect traffic to the VM-Series firewall (called the Palo Alto
Networks NGFW service on the NSX Manager).
Panorama
Panorama is used to register the NSX edition of the VM-Series firewall as the Palo Alto Networks NGFW service
on the NSX Manager. Registering the Palo Alto Networks NGFW service on the NSX Manager allows the NSX
Manager to deploy the NSX edition of the VM-Series firewall on each ESXi host in the ESXi cluster.
Panorama serves as the central point of administration for the VM-Series NSX edition firewalls. When a new
VM-Series NSX edition firewall is deployed, it communicates with Panorama to obtain the license and receives
its configuration/policies from Panorama. All configuration elements, policies, and Dynamic Address Groups
on the VM-Series NSX edition firewalls can be centrally managed on Panorama using Device Groups and
Templates. The REST-based XML API integration in this solution enables Panorama to synchronize with the
NSX Manager and the VM-Series NSX edition firewalls to allow the use of Dynamic Address Groups and share
context between the virtualized environment and security enforcement. For more information, see Policy
Enforcement using Dynamic Address Groups.
VM-Series NSX Edition
The VM-Series NSX edition is the VM-Series firewall that is
deployed on the ESXi hypervisor. The integration with the
NetX API makes it possible to automate the process of
installing the VM-Series firewall directly on the ESXi
hypervisor, and allows the hypervisor to forward traffic to the
VM-Series firewall without using the vSwitch configuration; it
therefore requires no change to the virtual network topology.
The VM-Series NSX edition only supports virtual wire
interfaces. In this edition, ethernet 1/1 and ethernet 1/2 are
bound together through a virtual wire and use the NetX
dataplane API to communicate with the hypervisor. Layer 2 or
Layer 3 interfaces are neither required nor supported on the VM-Series NSX edition, and therefore no switching
or routing actions can be performed by the firewall.
The only license available for this version of the VM-Series firewall is the VM-1000-HV. For a brief summary
of the capacity, see VM-Series Models; for complete information on the maximum capacities supported on the
VM-1000-HV license, refer to the VM-Series datasheet.