Specifications

62 VM-Series Deployment Guide

Deploy the VM-Series NSX Edition Firewall Set Up a VM-Series NSX Edition Firewall

The port groups are defined on the Palo Alto Networks NGFW service profile. The Palo Alto Networks

NGFW service profile simplifies the process of deploying the VM-Series firewall; once configured, the data

traffic from the selected port group will be checked against the NSX security policies. If NSX security policies

are defined and a policy match occurs for the traffic, the traffic is redirected to the VM-Series firewall.

Prepare the ESXi Host for the VM-Series Firewall

Before you deploy the VM-Series firewall, each guest in the cluster must have the necessary NSX components

that allow the NSX firewall and the VM-Series firewall to work together. The NSX Manager will install the

components— the Ethernet Adapter Module (.eam) and the SDK —required to deploy the VM-Series firewall.

Select the Port Groups from which to Redirect Traffic to the Palo Alto Networks NGFW

1. Select Networking and Security > Service Definitions, and double click the Palo Alto Networks NGFW service.

2. Click the

Palo Alto NetworksNGFW-GlobalInstance link to view the profile for the service instance.

3. Click the

Palo Alto Networks profile 1 link, and select the Applied Objects option.

4. Edit the profile to add one or more

Logical Networks or Distributed Virtual Port Groups from which the firewall

will receive data traffic.

Note In order for the VM-Series firewall to receive traffic from the selected port group, NSX security policies that

steer traffic to the Palo Alto NGFW service must also be defined. For details, see Define Policies on the NSX

Manager.

5. Click

OK to save the changes.