Secure Your Data Center with a Purpose-Built Firewall

Protect rising east-west traffic with NSX Service-defined Firewall. Gain superior protection with an easy-to-deploy, purpose-built firewall that secures data center traffic across all your workloads.

Modern Data Center Security in Action

The easiest way to eliminate blind spots.

Distributed Internal Firewall for Dummies

Quickly learn all about internal firewalls and how they provide better security for today’s complex data centers with operational ease.

Hyperscale Throughput

Get complete coverage with up to 20Tbps firewalling per SDDC.


Up to 75% Savings in CapEx

Lower CapEx relative to traditional firewall appliances.


Up to 73% Savings in OpEx

Lower OpEx, with no network changes and automated policies.

Leverage a Proven Data Center Security Model

Attackers are increasingly focused on finding and exploiting vulnerabilities in your network, making east-west traffic the new battleground. The VMware NSX Service-defined Firewall makes it difficult for malicious actors to stay in your network. Its distributed architecture, delivered in software, includes a full-stack, scale-out internal firewall and advanced threat prevention. This enables zero trust security for your software-defined data center that’s easy to deploy and automates policy, while reducing overall costs.

Use Cases 

Network Segmentation

Gain visibility into traffic and easily create network segments by defining them entirely in software — no need to change your network or hairpin traffic by deploying discrete appliances.

Virtual Patching for all Workloads

Detect and prevent malicious traffic with distributed IDS/IPS at every workload, allowing you to reduce workload significantly by applying virtual patching to vulnerable workloads.

Zero Trust in the Data Center

Easily create, enforce, and manage micro-segmentation policies with deep visibility and comprehensive policy controls.

Block Advanced Threats

Leverage multiple advanced threat prevention techniques to detect intrusion attempts and malicious behavior from known and unknown malware and block threats from moving laterally across your network.


No Network Changes

Radically simplify firewall deployment and operations by eliminating changes to the network and avoiding traffic hairpinning. Replace multiple appliance-based solutions with a per-workload stateful L7 firewall that’s delivered in software, reducing CapEx by up to 75%.

No Blind Spots

Leverage the only stateful L7 firewall built into the infrastructure that prevents lateral movement of attacks. Deployed into the hypervisor, NSX Service-defined Firewall enjoys unmatched visibility into the network and unrivaled workload context to identify and block threats, while remaining isolated from the attack surface.

Security as Code

Speed your network operations by enabling a true public cloud security experience in your private cloud. Deliver “security as code” with an API-driven, object-based policy model that delivers policy recommendations, automates policy mobility and ensures new workloads automatically receive appropriate security policies.

Consistent Policy Across Multi-Cloud

Achieve agile security via consistent firewall policies across multiple environments. Regardless of where your workload lives or moves, your virtualized, containerized and physical workloads will maintain their security policies. Write your policy once, and automatically enforce it everywhere.

Spotlight on Service-defined Firewall

Is This Security Thing Working?

SANS discusses challenges with today’s data center security and the need for an intrinsic approach.

Rethink Your Firewall Strategy

Security professionals are realizing that an over-reliance on traditional firewalls is forcing trade-offs between security coverage and operational simplicity.

A Practical Path to Zero Trust in the Data Center

Protect what matters—the applications and data—inside your data centers with a phased approach to zero trust.

Protect Physical Workloads

Learn how NSX gateway firewalling can secure zone boundaries and physical workloads using a bare metal agent with unified management.

Customer Stories

Securely Drive Productivity and Flexibility

Preferred Mutual maximizes remote employee and IT staff productivity while ensuring the security of company data with NSX, Workspace One, and Horizon.

Meet Government Security Regulations

Cenitex delivers the rock-solid security that governments require with a fully-integrated range of VMware solutions across data centers and digital workspaces.

Elevate and Consolidate Security

USSFCU went from planning to deployment in just weeks, replacing multiple legacy security tools with NSX for networking and micro-segmentation as part of their zero trust initiative.

Expand Your Data Center Security Capabilities

Network Detection and Response

Correlate large volumes of security events across north-south, east-west and cloud traffic to identify real intrusions.

Distributed IDS/IPS

Replace discrete appliances with a distributed software IDS/IPS solution to detect lateral threat movement on east-west traffic.

Advanced Threat Prevention

Inspect all network traffic and obtain the industry’s highest fidelity insights into advanced threats.

Segmentation Policy Recommendations

Simplify operationalizing micro-segmentation with rich application topology visualization and automated policy recommendations.
