An Internal Firewall that Shrinks your Attack Surface

Rely on the only purpose-built internal firewall to simultaneously secure east-west network traffic and protect workloads across multi-cloud environments. Virtualize your entire security stack and gain protection that's intrinsic to your infrastructure — so you can mitigate risk, ensure compliance, and lower costs while vastly simplifying the operational model of firewalling every workload.

See VMware Service-defined Firewall in Action

Video Play Icon
(18:53)

See It in Action

Check out a demo of our Service-defined Firewall stopping an attack.

Dig Into the Service-defined Firewall and Its Precursors

Dig Into the Service-defined Firewall and Its Precursors

Read the Coalfire benchmark report on how the Service-defined Firewall held up against simulated attacks within the network.

Step Up to a Layer 7 Internal Firewall

Mitigate Security Risk

Leverage the only solution built into the infrastructure that detects and mitigates threats on east-west traffic within the perimeter by orchestrating granular security controls based on both network and application context.

Ensure Compliance

Forget inconsistent policies between discrete solutions and unseen gaps in security coverage. Leverage a single management pane to combine visibility, policy control, and logging for all security services, without compromise.

Simplify Security Operations

Replace multiple discrete security appliances with native controls to reduce CapEx by up to 60%. Then lower OpEx by providing a true 1-click deployment experience and radically simplified operations for security teams.

Understand and baseline application behavior

Understand and baseline application behavior

Dynamic, object-based policy model

Dynamic, object-based policy model

Comprehensive threat detection and intelligence

Distributed architecture to enforce policy

Distributed architecture to enforce policy

What Are the Key Use Cases for the Service-defined Firewall?

Go Beyond Micro-segmentation to Full Internal Firewalling

Effortlessly create, enforce, and automatically adapt macro and micro-segmentation policies between environments, compliance zones, applications, or even workloads. Leverage stateful Layer 7 firewall controls including AppID, UserID, WAF, URL whitelisting.

More on Micro-segmentation >>

Deliver Workload Visibility & Policy Recommendations

Get 360 degree visibility into every workload, including roles, meta-data, process, and network activity. Visualize application topologies, with service groupings and flows between apps, and automatically recommend segmentation policies for enforcement.

More on Workload Visibility >>

Achieve Compliance with Distributed IDS/IPS

Replace discrete appliances with a fully distributed software IDS/IPS solution to easily achieve compliance, create virtual zones and detect lateral threat movement on east-west (E-W) traffic.

More on IDS/IPS >>

Extend Granular Workload Protection

Continuously check the hypervisor, OS, and software for known vulnerabilities and deliver effective app control and reputation scoring for running processes. Protect critical assets such as domain controllers, shared services, and essential apps running inside of micro-segments by locking down known good behavior.

More on Workload Protection >>

Expand Your Virtual Cloud Capabilities

Deliver Intrinsic Security

Leverage adaptive, intelligent protection and deep visibility to secure apps and workloads in your data centers, clouds, and endpoints.

More on Enterprise Security Solutions 

Build on a Foundation of NSX

Connect and protect applications across your data centers and clouds with virtualized networking and security via VMware NSX.

More on NSX 

Advanced Threat Detection with IDS/IPS

Replace discrete appliances with a distributed software IDS/IPS solution to detect lateral threat movement on E-W traffic & easily achieve compliance.

More on NSX Distributed IDS/IPS 

Get App-Centric Workload Protection

Gain insight and protection for your apps. VMware AppDefense learns an app’s intended behavior, and alerts you to any anomalies.

More on AppDefense