VM-Series Deployment Guide
Set Up a VM-Series NSX Edition Firewall
VM-Series NSX Edition Firewall Overview
3. Establish communication between the VM-Series firewall and Panorama: The VM-Series firewall then
initiates a connection to Panorama to obtain its license. Panorama retrieves the license from the update server
and pushes it to the firewall. The VM-Series firewall receives the license (VM-1000-HV) and reboots with a valid
serial number.
4. Install configuration/policy from Panorama to the VM-Series firewall: The VM-Series firewall
reconnects with Panorama and provides its serial number. Panorama now adds the firewall to the device group
that was defined in the registration process and pushes the default policy to the firewall. The VM-Series firewall
is now available as a security virtual machine that can be further configured to safely enable applications on the
network.
5. Push traffic redirection rules from NSX Firewall: On the Service Composer on the NSX Firewall, create
security groups and define network introspection rules that specify the guests from which traffic will be steered
to the VM-Series firewall. See Integrated Policy Rules for details.
6. Receive real-time updates from NSX Manager: The NSX Manager sends real-time updates on the
changes in the virtual environment to Panorama. These updates include information on the security groups and
IP addresses of guests that are part of the security group from which traffic is redirected to the VM-Series
firewall. See Integrated Policy Rules for details.
7. Use Dynamic Address Groups in policy and push dynamic updates from Panorama to the VM-Series
firewalls: On Panorama, use the real-time updates on security groups to create Dynamic Address Groups, bind
them to security policies and then push these policies to the VM-Series firewalls. Every VM-Series firewall in
the device group will have the same set of policies and is now completely marshaled to secure the SDDC. See
Policy Enforcement using Dynamic Address Groups for details.
To ensure that traffic from the guests is steered to the VM-Series firewall, you must have VMware
Tools installed on each guest. If VMware Tools is not installed, the NSX Manager does not know
the IP address of the guest, and therefore the traffic cannot be steered to the VM-Series firewall.
For more information, see Steer Traffic from Guests that are not Running VMware Tools.
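The following added example (a simplified model, not Panorama or NSX Manager code and not from this guide) illustrates steps 6 and 7 and the VMware Tools requirement: security-group updates change the addresses behind a Dynamic Address Group without any rule edit, and a guest whose IP address is never reported stays outside the group. The update fields, group names, guest names and addresses are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample updates, in the order NSX Manager might report them.
# Field names are hypothetical; ip=None models a guest without VMware Tools.
UPDATES = [
    {"op": "add", "group": "sg-web", "guest": "web-01", "ip": "10.1.1.11"},
    {"op": "add", "group": "sg-web", "guest": "web-02", "ip": "10.1.1.12"},
    {"op": "add", "group": "sg-db", "guest": "db-01", "ip": "10.1.2.21"},
    {"op": "add", "group": "sg-db", "guest": "db-02", "ip": None},
    {"op": "remove", "group": "sg-web", "guest": "web-01", "ip": "10.1.1.11"},
]

def apply_updates(updates):
    """Return (group -> set of IPs, group -> set of guests with no known IP)."""
    members = defaultdict(set)
    unknown = defaultdict(set)
    for u in updates:
        group, guest, ip = u["group"], u["guest"], u["ip"]
        if u["op"] == "add":
            if ip is None:
                unknown[group].add(guest)      # cannot be matched by address
            else:
                members[group].add(ip)
                unknown[group].discard(guest)  # IP learned in a later update
        elif u["op"] == "remove":
            members[group].discard(ip)
            unknown[group].discard(guest)
    return members, unknown

def resolve_policy(rules, members):
    """Expand each rule's Dynamic Address Group names to current IPs."""
    return [
        {"name": r["name"], "action": r["action"],
         "source": sorted(members[r["source_dag"]]),
         "destination": sorted(members[r["dest_dag"]])}
        for r in rules
    ]

# Hypothetical rule: the policy names groups, never individual addresses.
RULES = [{"name": "web-to-db", "source_dag": "sg-web",
          "dest_dag": "sg-db", "action": "allow"}]

if __name__ == "__main__":
    members, unknown = apply_updates(UPDATES)
    for rule in resolve_policy(RULES, members):
        print(rule)
    for group, guests in unknown.items():
        if guests:
            print(f"{group}: no IP reported for {sorted(guests)}")
```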