About the NSX Managers Page
To access this page, click Security Director > Devices > NSX Managers.
Use the NSX Managers page to discover the NSX Manager and perform service registration of the vSRX VM with the NSX Manager. The NSX Manager is added as a device in the Security Director and its inventory is synchronized with Security Director.
Starting in Policy Enforcer Release 19.1R2 onwards, you can select either the north-south or east-west firewall integration while registering the NSX Manager. If you select the north-south firewall integration, you can choose one or more of the already discovered SRX Series devices in Security Director as the perimeter firewall devices. Policy Enforcer is configured as the feed servers for these perimeter devices automatically. For the NSX Managers with north-south firewall integration, create a firewall or IPS group policy. During the creation of a firewall or IPS rule for the corresponding group policy, select the perimeter devices as source addresses.
When you add an NSX Manager in Security Director, the NSX Management RESTful API configures Policy Enforcer as a system log server in NSX Manager. The system log server handler runs in the Policy Enforcer virtual machine. On receiving the security group membership changes from system log, the system log service handler parses the system log and extracts the changed security group details. The security policies with rules having the modified security groups (dynamic address groups) as source or destination addresses are filtered and the perimeter firewall devices assigned to those policies are obtained. A remote procedure call (RPC) is sent to those perimeter firewall devices to update the dynamic address groups. The perimeter firewall devices then obtains and update the IP address feeds from Policy Enforcer.
Before you Begin
Install the Policy Enforcer Release 17.1 OVA image.
After the installation is complete, log in to the Policy Enforcer VM through SSH. Run the service commands to verify the status of the following services:
service nsxmicro status service sd_event_listener status service nsx_callback_listener status service ssh_listener status
If services are stopped, initiate the services again by running the following commands:
service nsxmicro start service sd_event_listener start service nsx_callback_listener start service ssh_listener start
Select Security Director > Administration > Policy Enforcer > Settings, and add Policy Enforcer to Security Director. For more information, see Identifying the Policy Enforcer Virtual Machine In Security Director.
Download the SSH Key. Copy the vSRX OVA file to the Policy Enforcer VM along with the downloaded SSH key. See Download the SSH Key File.
Obtain the vSRX license key before adding the NSX Manager to the Security Director.
Tasks You Can Perform
You can perform the following tasks from this page:
Download the SSH Key. See Download the SSH Key File.
Add the NSX Manager. See Adding the NSX Manager.
Register security services. See Registering Security Services.
Delete the NSX Manager. See Deleting the NSX Manager.
Synchronize the NSX inventory.
Table 1 provides guidelines on using the fields on the NSX Managers page.
Table 1: Fields on the NSX Managers Page
Specifies the hostname or the IPv4 address of the NSX Manager.
Specifies the name of the NSX Manager.
Specifies the hostname or the IP address of the vCenter associated with the NSX Manager that is automatically fetched by Security Director.
Associated vCenter Status
Specifies the connection status of an associated vCenter.
Service Manager Registration Status
Specifies the registration status of the security services.
Specifies the service definition of a selected NSX Manager.
Click View to view the service definition.
Specifies the port number of the NSX Manager.
Specifies the username of the NSX Manager. The user must have the administrator privileges to access the NSX Manager.
Specifies the connection status of the NSX Manager.