Specifications
68 VM-Series Deployment Guide
Deploy the VM-Series NSX Edition Firewall Set Up a VM-Series NSX Edition Firewall
Define Policies to Redirect Traffic to the VM-Series Firewall
Create security policies to steer traffic from the NSX Manager to the VM-Series firewall.
1. Select
Networking and Security > Service Composer > Security Policies, and click Create Security Policy.
2. Add a
Name and a Description.
3. In the
Network Introspection Services, click Add and enter a Name for the service.
4. Set the
Action as Redirect to service, and set the Service Name as Palo Alto NGFW.
5. Select the service profile that you created earlier;
Palo Alto Networks profile 1 in this workflow. This profile
specifies the networks/port groups from which the firewall receives data traffic. It will perform network
introspection services on the port specified in the profile.
6. Use the
Change link under Source and Destination to specify the direction of flow of traffic that requires
network introspection. Either the source or destination selection (or both) must be
Policy's Security Groups,
where you can select the Security Groups you defined earlier.
If, for example, if you want to inspect all incoming traffic from the security groups to the web front end
servers and all outbound traffic from the servers to the security groups, the rule looks as follows:
The completed security policy looks as follows: