66
VM-Series
Deployment
Guide
Deploy the VM-Series Firewall
Set Up a VM-Series NSX Edition Firewall
Specify the Port Groups from Which to Redirect Traffic
So that the NSX Manager can redirect traffic to the VM-Series firewall, you must select the port groups or
logical networks for which the VM-Series firewall must secure traffic.
The port groups are defined on the Palo Alto Networks NGFW service profile. The Palo Alto Networks
NGFW service profile simplifies the process of deploying the VM-Series firewall; once configured, the data
traffic from the selected port group will be checked against the NSX security policies. If NSX security policies
are defined and a policy match occurs for the traffic, the traffic is redirected to the VM-Series firewall.
Select the Port Groups from which to Redirect Traffic to the Palo Alto Networks NGFW
Step 1
Select
Networking and Security > Service Definitions
,
and double click the
Palo Alto Networks NGFW
service.
Step 2
Click the
Palo Alto NetworksNGFW-GlobalInstance
link to view the profile for the service instance.
Step 3
Click the
Palo Alto Networks profile 1
link, and select the
Applied Objects
option.
Step 4
Edit the profile to add one or more
Logical Networks
or
Distributed Virtual Port Groups
from which the
firewall will receive data traffic.
In order for the VM-Series firewall to receive traffic from the selected port group, NSX security policies
that steer traffic to the Palo Alto NGFW service must also be defined. For details, see
Define Policies
on the NSX Manager
.
Step 5
Click
OK
to save the changes.