An Internal Firewall that Shrinks your Attack Surface


See VMware Service-defined Firewall in Action

Video Play Icon

See It in Action

Check out a demo of our Service-defined Firewall stopping an attack.

Rely on the only purpose-built internal firewall to simultaneously secure east-west network traffic and protect workloads across multi-cloud environments. Virtualize your entire security stack and gain protection that's intrinsic to your infrastructure — so you can mitigate risk, ensure compliance, and lower costs while vastly simplifying the operational model of firewalling every workload.


Dig into the Service-defined Firewall and its Precursors

Internal Network Security Validation Study

Leverage No-Compromise Internal Network Security

With an exponentially growing threat landscape and porous network perimeter, organizations need intrinsic security for apps and data traffic that’s comprehensive, simple, and cost-effective. Instead of the complexity and expense of overlapping, bolt-on security architectures, the VMware Service-defined Firewall delivers a novel approach to internal security — blocking lateral movement of threats and locking down “known good” application behavior — across your multi-cloud environment.

Read the Validation Study

Step Up to a Layer 7 Internal Firewall

Mitigate Security Risk

Leverage the only solution built into the infrastructure that detects and mitigates threats on east-west traffic within the perimeter by orchestrating granular security controls based on both network and application context.

Ensure Compliance

Forget inconsistent policies between discrete solutions and unseen gaps in security coverage. Leverage a single management pane to combine visibility, policy control, and logging for all security services, without compromise.

Simplify Security Operations

Replace multiple discrete security appliances with native controls to reduce CapEx by up to 60%. Then lower OpEx by providing a true 1-click deployment experience and radically simplified operations for security teams.

Understand and baseline application behavior

Understand and baseline application behavior

Dynamic, object-based policy model

Dynamic, object-based policy model

Comprehensive threat detection and intelligence

Distributed architecture to enforce policy

Distributed architecture to enforce policy

What Are the Key Use Cases for the Service-defined Firewall?

Deliver Workload & Application Visibility

Get 360 degree visibility into every workload, including roles, meta-data, process, and network activity. Visualize application topologies, with service groupings and flows between apps, and automatically recommend segmentation policies for enforcement.


More on Application Visibility

Implement Application Micro-Segmentation

Effortlessly create, enforce, and automatically adapt macro- and micro-segmentation policies between environments, compliance zones, applications, or even workloads. Leverage stateful Layer 7 firewall controls including AppID, UserID, WAF, URL whitelisting.


More on Micro-segmentation

Extend Granular Workload Protection

Continuously check the hypervisor, OS, and software for known vulnerabilities and deliver effective app control and reputation scoring for running processes. Protect critical assets such as domain controllers, shared services, and essential apps running inside of micro-segments by locking down known good behavior.


More on Workload Protection

Expand Your Virtual Cloud Capabilities

Transform Your Business

Learn about a new approach to building and operating a single virtual cloud network for all your apps and data, wherever they run.

More on Networking & Security Transformation 

Deliver Intrinsic Security

Leverage adaptive, intelligent protection and deep visibility to secure apps and workloads in your data centers, clouds, and endpoints.

More on Enterprise Security Solutions 

Build on a Foundation of NSX

Connect and protect applications across your data centers and clouds with virtualized networking and security via VMware NSX.

More on NSX 

Get App-Centric Workload Protection

Gain insight and protection for your apps. VMware AppDefense learns an app’s intended behavior, and alerts you to any anomalies.

More on AppDefense