These instructions are for configuring FWaaS v2.

Procedure

  1. Edit /etc/neutron/neutron.conf to add the firewall as a service plugin for NSX-T Data Center, in the default configuration section: service_plugins = firewall_v2
    service_plugins is a list option. Multiple service plugins can be specified by separating their full class names, or shortcuts, with a comma.
  2. Edit the /etc/neutron/neutron-fwaas.conf file with the following:
    1. Set the firewall as a service driver for NSX-T Data Center by setting the service_provider option in the service_providers configuration section: service_provider = FIREWALL_V2:fwaas_db:neutron_fwaas.services.firewall.service_drivers.agents.agents.FirewallAgentDriver:default
      [service_auth]  
      auth_version = 3  
      admin_password = password  
      admin_user = admin  
      admin_tenant_name = admin  
      auth_url = http://<keystone_endpoint>/identity/v3 

      The value of the service_provider option has a particular structure: <service_type>:<service_name>:<driver_class>:[<default>]. service_provider is a “multi-string” option. Every time it is specified, the value of the option is added to a list. Multiple service providers can be specified by setting the service_provider option for each of them.

    2. Switch on firewall as a service, by setting enabled = True in the FWaaS configuration section.
    3. Set the FWaaS device driver for NSX-T Data Center, by setting: driver = vmware_nsxp_edge_v2 in the FWaaS configuration section.
    4. Set the FWaaS device driver for the NSX Manager plugin by setting driver = vmware_nsxv3_edge_v2 in the FWaaS configuration section.
  3. Check that the file /etc/neutron/neutron-fwaas.conf is added to the neutron server command line. This can be verified by running ps -aux | grep neutron and verifying that /etc/neutron/neutron-fwaas.conf is present in the output.
    If the file is not included, the neutron service launcher should be edited. The location and structure of service launchers depend on the particular OpenStack distribution used.
  4. Restart the neutron service. The specific service name depends on the OpenStack distribution used.
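
The settings from steps 1 to 3 can be checked with a short script before restarting. This is an added example, not part of the original procedure; it assumes the sections are named [DEFAULT], [service_providers] and [fwaas] (the procedure only says "the FWaaS configuration section"), and the sample files, including the `router` plugin entry, are constructed.

```shell
#!/bin/sh
# Added example. Assumes sections [DEFAULT], [service_providers] and [fwaas].

# ini_get FILE SECTION KEY: print every value of KEY in [SECTION], one per line.
# Repeated keys are all printed because service_provider is a multi-string option.
ini_get() {
    awk -v sec="$2" -v key="$3" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ { s = $0; gsub(/^[ \t]*\[|\].*$/, "", s); in_sec = (s == sec); next }
        in_sec && (eq = index($0, "=")) {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) print v
        }' "$1"
}

# check_fwaas NEUTRON_CONF FWAAS_CONF: return 0 only if steps 1 and 2 are all in place.
check_fwaas() {
    rc=0
    # Step 1: firewall_v2 is one entry of the comma-separated service_plugins list.
    ini_get "$1" DEFAULT service_plugins | tr ',' '\n' | tr -d ' \t' |
        grep -qx 'firewall_v2' || { echo "missing: firewall_v2 in service_plugins"; rc=1; }
    # Step 2.1: at least one service_provider line registers a FIREWALL_V2 driver.
    ini_get "$2" service_providers service_provider |
        grep -q '^FIREWALL_V2:' || { echo "missing: FIREWALL_V2 service_provider"; rc=1; }
    # Step 2.2: FWaaS is switched on.
    [ "$(ini_get "$2" fwaas enabled | tail -n 1)" = "True" ] ||
        { echo "missing: enabled = True"; rc=1; }
    # Steps 2.3/2.4: the device driver is one of the two named in the procedure.
    case "$(ini_get "$2" fwaas driver | tail -n 1)" in
        vmware_nsxp_edge_v2|vmware_nsxv3_edge_v2) ;;
        *) echo "missing: NSX FWaaS device driver"; rc=1 ;;
    esac
    return "$rc"
}

# Step 3: succeed if the process listing text $1 mentions the config file path $2.
cmdline_has_conf() {
    printf '%s\n' "$1" | grep -qF -- "$2"
}

# Constructed sample files (not taken from a real deployment).
demo=$(mktemp -d)
printf '[DEFAULT]\nservice_plugins = router, firewall_v2\n' > "$demo/neutron.conf"
cat > "$demo/neutron-fwaas.conf" <<'EOF'
[service_providers]
service_provider = FIREWALL_V2:fwaas_db:neutron_fwaas.services.firewall.service_drivers.agents.agents.FirewallAgentDriver:default
[fwaas]
enabled = True
driver = vmware_nsxp_edge_v2
EOF
check_fwaas "$demo/neutron.conf" "$demo/neutron-fwaas.conf" && echo "FWaaS v2 settings present"
```

On a live host, pass the real /etc/neutron paths to check_fwaas and the output of ps -aux | grep neutron to cmdline_has_conf.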