VMware NSX Distributed Firewall Data Sheet EN

Broadcom NSX

Uploaded by

covandoj

Datasheet

VMware NSX Distributed Firewall
Stop the lateral spread of threats inside your data center

At a glance

KEY BENEFITS
• No network changes
Radically simplify firewall deployment and operations by eliminating changes to the network while avoiding traffic hair-pinning. Replace multiple appliance-based solutions for a per workload stateful L7 firewall that’s delivered as software, reducing CapEx by up to 75 percent.
• No blind spots
Get complete coverage for network security across all flows with the only L7 firewall deployed as software into the hypervisor in a distributed architecture at every workload. Get visibility and workload context to identify and block threats while remaining isolated from the attack surface.
• Security as code
Deliver “security as code” with an API-driven, object-based model that delivers policy recommendations, automates policy mobility, and ensures new workloads automatically receive appropriate security policies.
• Dynamic policy orchestration
Achieve agile security via consistent firewall policies across multiple environments. Ensure workloads maintain their security policies throughout their lifecycle—regardless of where the workload lives or moves. Write your policy once and automatically enforce it everywhere.
• Tapless NTA
Enable Network Traffic Analysis (NTA) at every workload to detect anomalous activity and malicious behavior as it moves laterally across the network, even on encrypted traffic, without the complexity and overhead of network tapping.

Modern, distributed applications require new defenses

In a rapidly changing world, enterprises need a better way to defend a growing number of dynamic workloads, and correspondingly large volumes of east-west (internal) network traffic, against cyberattacks. Traditional, appliance-based security solutions are no longer adequate to protect today’s applications, and perimeter firewalls designed for north-south traffic are ineffective at delivering the control and performance needed for dynamic workloads. Instead, an internal firewall delivers distributed, granular enforcement for securing east-west traffic while reducing operational cost and complexity.

Operationalizing east-west security at scale

The NSX Distributed Firewall (DFW) is a software-defined Layer 7 firewall purpose-built to secure multi-cloud traffic across virtualized workloads. It provides stateful firewalling with IDS/IPS, sandboxing, and NTA/NDR—delivered as software and distributed to each host. With complete visibility into applications and flows, NSX DFW delivers superior security with policy automation that’s linked to the workload lifecycle. Unlike traditional firewalls that require network redesign and traffic hair-pinning, the NSX DFW distributes the firewalling to each host, radically simplifying the security architecture. This allows security teams to easily segment the network, stop the lateral movement of attacks, and automate policy in a vastly simpler operational model.

Figure 1: VMware NSX Distributed Firewall Architecture

Use cases

• Simplify network segmentation
Gain visibility on traffic and easily create network segmentation or virtual security zones in minutes with no changes to your network by defining them entirely in software. There is no need to deploy discrete appliances or hairpin traffic.
• Implement micro-segmentation for zero trust
Automatically generate policy recommendations based on intrinsic understanding of application topology. This allows you to easily create, enforce, and manage granular micro-segmentation policies and leverage an object-based policy model for automation.
• Enable granular virtual patching
Take advantage of IDS/IPS at every host to monitor all your traffic flows, identify malicious traffic on a per-hop basis, and apply virtual patching to ensure unpatched servers inside the data center cannot be exploited.
• Block advanced threats
Leverage multiple detection engines in the distributed IDS/IPS, NTA, and sandbox to block advanced threats from moving laterally, even through encrypted traffic. This allows you to get network detection and response (NDR) that correlates events across all detection engines to identify intrusions.

Key capabilities

• Elastic throughput: Scales with workload automatically for massive traffic inspection capacity, eliminating the throughput constraints typical of appliance-based firewalls
• Distributed architecture: Built into the hypervisor and managed as a single firewall, eliminating blind spots while radically simplifying deployment
• Superior workload context: Enjoys in-depth workload and network context from its unique position in the hypervisor, enabling superior threat detection and faster forensics
• No Network Taps NTA: Going beyond simple anomaly detection, NSX DFW focuses on the anomalies that are relevant from a security perspective
• Better security: Offers a full security stack across firewalling, IDS/IPS, sandbox, NTA, NDR, and even monitors encrypted traffic

A modern firewall for today’s modern network

Traditional firewall solutions are not able to deliver the scalability, agility, and cost effectiveness needed by today’s security teams. VMware NSX Distributed Firewall is distributed, service-aware, and operationally simple—making it easy to operationalize east-west security at the scale needed across today’s multi-cloud world. With an internal firewall from VMware, CISOs and their teams can mitigate risk, enable compliance, and move at the speed of development.

Learn more
Check out these resources to learn more about protecting modern, distributed applications with an internal firewall. Reach out to your VMware Sales Representative for further details.

Read about the VMware NSX Distributed Firewall.

Visit the VMware NSX Data Center page.

Copyright © 2021 VMware, Inc. All rights reserved. VMware, Inc. 3401 Hillview Avenue Palo Alto CA 94304 USA Tel 877-486-9273 Fax 650-427-5001
VMware and the VMware logo are registered trademarks or trademarks of VMware, Inc. and its subsidiaries in the United States and other jurisdictions. All other marks and names
mentioned herein may be trademarks of their respective companies. VMware products are covered by one or more patents listed at vmware.com/go/patents.
Item No: vmw-ds-nsx-distributed-firewall-v2-uslet 11/21
