NSX and Palo Alto

amrhafez10 · ‎11-05-2016

Hi

we going to design NSX and integrate with Palo Alto 1000HV

I know that each host must have 1 palo alto VM or more

now, my questions are:

1- does the integration happens between NSX and Palo Alto VM only not physical appliance?

2- do we have to buy panorama?

3- If yes, do we have to buy panorama VM or appliance (physical appliance)?

4- the palo alto VM throughput is 600 M, so If we have traffic more than 600 M, could we deploy 2 palo alto 1000HV per host?

chuckbell · ‎11-06-2016

1- does the integration happens between NSX and Palo Alto VM only not physical appliance?

Yes and no. All VM data plane redirect traffic exists between NSX DFW and VM-Series using NetX API. All mgmt plane traffic exists between NSX Mgr and Panorama and Panorama and physical FWs. This pic should help:

2- do we have to buy panorama?

Yes, Panorama is required

3- If yes, do we have to buy panorama VM or appliance (physical appliance)?

Either

4- the palo alto VM throughput is 600 M, so If we have traffic more than 600 M, could we deploy 2 palo alto 1000HV per host?

You can deploy more than 1 VM-Series FW per host, but most customers use DFW for all L4 controls and only send a subset of L7 Next-Gen traffic to VM-Series vs punting all traffic to Palo Alto.

RenxiaoChen · ‎10-25-2018

hi i have questions too.

the palt alto Integration with nsx ,how is the traffic flow ?

the traffic filter by the nsx's dfw ,first . Then filter by palt alto's fw ?

if use palt alto's fw ，have firewall hairpins??