201
0

vSphere NSX + Palo Alto Networks + Traffic Steering

Lots of goodness here with the integration of NSX with PAN… Using PAN’s unified interface Panorama deploying security policy into Physical Firewalls, Virtual Firewall Appliances, and into the vSphere NSX in kernel distributed Firewall, you have the best of all worlds…

One of the features of NSX with PAN is the ability to perform traffic steering from the NSX in kernal distributed firewall into the PAN Virtual Appliance to take advantage of the full capabilities of PAN. One gotcha I have seen and recommendation for you is traffic steering should be performed on an exception basis only. Let the NSX in kernel distributed firewall perform the heavy lifting (of firewall policy), and traffic steer only as needed.

 

Related Posts
Making room for NSX… Deleting ESXi VIB’s
NSX Multi Hypervisor using vSphere ESXi
vSphere 6.0 and NSX 6.1