Solved: NSX 6.3 Cross-VC Partner Security insertion suppor...

JJBN · ‎02-03-2017

Hi,

on NSX 6.3 is Cross-VC 3rd Party service insertion supported? For example, can I insert Palo Alto in a Cross-VC environment and have the Palo Alto rules configured on the primary DC extended to the secondary DC? Same story for F5, is it supported?

I know this can be done via Panorama with standard NSX, but I would like to know if it is natively supported in the new NSX 6.3 release for NSX Cross-VC.

Thanks.

Regards,

JJBN

erikverbruggen · ‎02-08-2017

I'm not sure if I understand your question. Service insertion is already supported in a cross vCenter NSX environment with NSX 6.2 or higher. VMware Documentation Library

The problem is that the service insertion has to be done on an NSX Manager instance. So you would get a one-to-one mapping between NSX Manager and Panorama instance.

For an example how this works; Multi-site with Cross-VC NSX and Palo Alto Networks Security - The Network Virtualization Blog

In this setup you have to create redirection rules on both NSX instances to redirect to the Panorama instance in the correct datacenter.

As far is i know this has not been changed in NSX 6.3 The release notes also do not mention this. NSX for vSphere 6.3.0 Release Notes

View solution in original post

erikverbruggen · ‎02-08-2017