NetScaler SDX

Palo Alto Networks VM-Series

Palo Alto Networks VM-Series virtual firewalls use the same PAN-OS feature set that is available in the company’s physical security appliances, providing all key network security functions. VM-Series on NetScaler SDX enables consolidation of advanced security and ADC capabilities on a single platform, for secure, reliable access to applications by businesses, business units, and service-provider customers. The combination of VM-Series on NetScaler SDX also provides a complete, validated, security and ADC solution for Citrix Virtual Apps and Desktops deployments.

You can provision, monitor, manage, and troubleshoot an instance from the Management Service.

Points to note:

  • The total number of instances that you can provision on an SDX appliance depends on the SDX hardware resources available.

  • SR-IOV interfaces (1/x and 10/x) that are part of a channel do not appear in the list of interfaces because channels are not supported on a Palo Alto VM-Series instance. For more information about the Palo Alto Network VM-Series, seePalo Alto Network Documentation.

Provision a PaloAlto VM-Series instance

Before you can provision a Palo Alto VM-Series instance, you must download an XVA image from thePalo Alto Networks website. After you have downloaded the XVA image, upload it to the SDX appliance.

来upload an XVA image to the SDX appliance:

  1. On the配置tab, navigate toPaloAlto VM-Series > Software Images.
  2. In the details pane, underXVA Files, from theActiondrop-down list, clickUpload.
  3. In the dialog box that appears, clickBrowse, and then select the XVA file that you want to upload.
  4. ClickUpload. The XVA file appears in theXVAFiles pane.

来provision a Palo Alto VM-Series instance:

  1. On the配置tab, navigate toPaloAlto VM-Series > Instances.
  2. In the details pane, clickAdd.
  3. In the Provision PaloAlto VM-Series wizard, follow the instructions on the screen.
  4. ClickFinish, and then clickClose.

After provisioning the instance, log on to the instance and perform the detailed configuration.

来modify the values of the parameters of a provisioned instance, in the details pane, select the instance that you want to modify, and then clickModify. In the Modify PaloAlto VM-Series wizard, set the parameters to values suitable for your environment.

Note:If you modify any of the interface parameters or the name of the instance, the instance stops and restarts to put the change into effect.

Monitor a Palo Alto VM-Series instance

The SDX appliance collects statistics, such as the version ofSDXToolsrunning on the instance, of a Palo Alto VM-Series instance.

来view the statistics related to a Palo Alto VM-Series instance:

  1. Navigate toPaloAlto VM-Series > Instances.
  2. In the details pane, click the arrow next to the name of the instance.

Manage a PaloAlto VM-Series instance

You can start, stop, restart, force stop, or force restart a PaloAlto VM-Series instance from the Management Service.

On the配置tab, expandPaloAlto VM-Series.

  1. Navigate toPaloAlto VM-Series > Instances.
  2. In the details pane, select the instance on which you want to perform the operation, and then select one of the following options:

    • Start
    • Shut Down
    • Reboot
    • Force Shutdown
    • Force Reboot
  3. In the Confirm message box, clickYes.

Troubleshoot a PaloAlto VM-Series instance

Ping a PaloAlto VM-Series instance from the Management Service to check whether the device is reachable. You can trace the route of a packet from the Management Service to an instance to determine the number of hops involved in reaching the instance.

Rediscover an instance to view the latest state and configuration of an instance. During rediscovery, the Management Service fetches the configuration and the version of the PaloAlto VM-Series running on the SDX appliance. By default, the Management Service schedules instances for rediscovery once every 30 minutes.

On the配置tab, expandPaloAlto VM-Series.

来ping an instance:

  1. ClickInstances.
  2. In the details pane, select the instance that you want to ping, and from theActionlist, clickPing. ThePingmessagebox shows whether the ping is successful.

来trace the route an instance:

  1. ClickInstances.
  2. In the details pane, select the instance that you want to ping, and from theActionlist, clickTraceRoute. TheTraceroutemessage box displays the route to the instance.

来rediscover an instance:

  1. ClickInstances.
  2. In the details pane, select the instance that you want to rediscover, and from theActionlist, clickRediscover.
  3. In the Confirm message box, clickYes.
Palo Alto Networks VM-Series