Leverage a Proven Data Center Security Model

Attackers are increasingly focused on finding and exploiting vulnerabilities in your network, making east-west traffic the new battleground. NSX Service-defined Firewall offers a software-delivered, distributed architecture and advanced threat prevention. It enables zero-trust security that’s easy to deploy and automates policy while reducing overall costs.

Hyperscale Throughput

Get complete coverage with up to 20Tbps firewalling per SDDC.

Up to 75% Savings in CapEx

Lower CapEx relative to traditional firewall appliances.

Up to 73% savings in OpEx

Lower OpEx, with no network changes and automated policies.

Benefits of NSX Service-defined Firewall

No Network Changes

Replace multiple appliance-based solutions and radically simplify firewall deployment and operations by eliminating changes to the network and avoiding traffic hair-pinning. 

Eliminate Blind Spots

Get unmatched visibility into your network and unrivaled workload context to identify and block threats, while remaining isolated from the attack surface.

Security as Code

An API-driven, object-based policy model delivers policy recommendations, automates policy mobility and ensures new workloads automatically receive appropriate security policies. 

Consistent Policy Across Multi-Cloud

Achieve agile security via consistent firewall policies across multiple environments. Write your policy once and automatically enforce it everywhere. 

Related Resources

Internal Firewalls for Dummies

Organizations can no longer rely on edge firewalls alone. Learn how internal firewalls provide better security for today’s complex data centers.

A Practical Path to Zero Trust

Learn why organizations are leaning into zero trust security and why traditional firewalls fall short.

The Best Way to Protect East-West Traffic

Bolted-on security solutions can’t deliver the scalability, flexibility and cost effectiveness needed by today. Understand why intrinsic security is key.

Frequently Asked Questions

NSX Service-defined Firewall is a distributed, scale-out internal firewall that protects all east-west traffic with security that’s intrinsic to the infrastructure, radically simplifying the security deployment model.

NSX Service-defined Firewall uses an intrinsic approach to security that's built into the hypervisor. It includes a stateful L4-L7 firewall, an intrusion detection/prevention system (IDS/IPS), network sandbox, and behavior-based network traffic analysis.

Key capabilities of NSX Service-defined Firewall include:

  • Distributed, granular enforcement of security policies
  • Scalability and throughput
  • Advanced threat prevention
  • Intra-application visibility
  • Centralized management

For full capabilities, see the datasheet.

Use cases for NSX Service-defined Firewall include:

  • Network Segmentation
  • Zero Trust in the Data Center
  • Virtual Patching for all Workloads
  • Block Advanced Threats


Benefits of NSX Service-defined Firewall include:

  • Mitigating security risk
  • Ensuring compliance
  • Accelerating security operations
  • Simplifying security architecture

Why VMware for Internal Firewall

With its distributed architecture delivered in-software, it eliminates all blind spots without requiring network changes.