201
0

vSphere NSX + Palo Alto Networks + Traffic Steering

Lots of goodness here with the integration of NSX with PAN… Using PAN’s unified interface Panorama deploying security policy into Physical Firewalls, Virtual Firewall Appliances, and into the vSphere NSX in kernel distributed Firewall, you have the best of all worlds…

One of the features of NSX with PAN is the ability to perform traffic steering from the NSX in kernal distributed firewall into the PAN Virtual Appliance to take advantage of the full capabilities of PAN. One gotcha I have seen and recommendation for you is traffic steering should be performed on an exception basis only. Let the NSX in kernel distributed firewall perform the heavy lifting (of firewall policy), and traffic steer only as needed.

 

Related Posts
UCS and Mixed vPC / Non vPC VLANs
RFC 6598 – IANA Reserved Address Space 100.64.0.0/10
NSX Multi Hypervisor and NTP