Secure and Simplify with a Purpose-Built Internal Firewall

Take advantage of a distributed, services-aware firewall to protect your organization’s traffic across private and public clouds, including VMs and containers. With capabilities from L2 to L7 and advanced threat protection, the VMware Service-defined Firewall makes it easy to provide intrinsic security for all traffic — and all workloads — within your network.

Learn How Traditional Firewalls Are Creating Security Compromises

Read the Forrester report on how to effectively protect east-west network traffic.

How Effective is Your Security?

Read the SANS whitepaper on enabling intrinsic security for your data center.

Step Up to a Layer 7 Internal Firewall

Mitigate Security Risk

Leverage the only solution built into the infrastructure that detects and mitigates threats on east-west traffic within the perimeter. From its unique position within the hypervisor, the Service-defined Firewall brings unmatched visibility into both network traffic and app behavior to provide better protection against threats.

Drive Automation and Consistency

Eliminate the security blind spots that result from numerous discrete solutions and misaligned protection policies. The Service-defined Firewall automatically creates, distributes, moves, and decommissions policies according to each workload’s lifecycle, entirely within the infrastructure fabric.

Simplify Security Operations

Replace multiple security appliances with built-in, L2-L7 distributed firewalling and workload protection controls to reduce CapEx by up to 60%. Then slash OpEx and radically simplify operations by eliminating the need for complex traffic hairpinning architectures and associated management overhead.

What are the Key Differentiators of the Service-defined Firewall?

Visibility into application topology and traffic

Dynamic, object-based policy model

Comprehensive threat detection and intelligence

Distributed architecture to enforce policy

What Are the Key Use Cases for the Service-defined Firewall?

Go from Micro-segmentation to Full Internal Firewalling

Easily create, enforce, and automatically adapt macro and micro-segmentation policies between environments, compliance zones, applications, or workloads. Leverage stateful Layer 7 firewall controls including AppID, UserID, WAF and URL whitelisting.

Deliver Workload Visibility & Policy Automation

Get 360-degree visibility into every workload, including roles, metadata, process, and network activity. Visualize application topologies automatically, recommend segmentation policies for enforcement, and link policy lifecycles to workloads.

Achieve Compliance with Distributed IDS/IPS

Replace discrete appliances with a fully distributed software IDS/IPS solution to easily achieve compliance, create virtual zones and detect lateral threat movement on east-west (E-W) network traffic.

Expand Your Virtual Cloud Capabilities

Deliver Intrinsic Security

Leverage adaptive, intelligent protection and deep visibility to secure apps and workloads in your data centers, clouds, and endpoints.

Build on a Foundation of NSX

Connect and protect applications across your data centers and clouds with virtualized networking and security via VMware NSX.

IDS/IPS Advanced Threat Detection

Replace discrete appliances with a distributed software IDS/IPS solution to detect lateral threat movement on E-W traffic & easily achieve compliance.

Streamline Security Operations

Automate security policy recommendations to streamline micro-segmentation deployments and enable a more granular security posture.
