The internal firewall and micro-segmentation capabilities of NSX Data Center enabled us to rapidly deliver on our CIO’s zero-trust initiative.
Radically simplify firewall deployment and operations by replacing physical hardware, eliminating changes to the network, and avoiding traffic hair-pinning.
Get visibility and workload context to identify and block threats at every hop, while remaining isolated from the attack surface.
An API-driven, object-based policy model delivers policy recommendations, automates policy mobility and ensures new workloads automatically receive appropriate security policies.
Operationalize a Zero Trust architecture across your multi-cloud infrastructure with a modern, software-based approach that’s easy to operate and scale.
Gain visibility into traffic and easily create network segmentation by defining segments entirely in software—no need to change your network or hairpin traffic by deploying discrete appliances.
Easily and automatically create, enforce, and manage granular micro-segmentation policies. Intrinsic understanding of application topology helps generate policy recommendations.
Take advantage of IDS/IPS at every host to monitor all your traffic flows, identify malicious traffic on a per-hop basis, and then apply virtual patching to ensure unpatched servers inside the data center cannot be exploited.
Leverage multiple detection engines with distributed IDS/IPS, NTA, and sandboxing to block advanced threats from moving laterally across your network—even across encrypted traffic. Get network detection and response (NDR) that correlates events across all detection engines to identify intrusions.
NSX Distributed Firewall is a software-defined Layer 7 firewall enabled at each workload to segment east-west traffic and block lateral movement of threats. Its advanced threat prevention includes distributed IDS/IPS, network sandbox, network traffic analysis, and network detection and response.
NSX Distributed Firewall uses a software-based approach to deliver security that's built into the hypervisor and delivered at each workload. This enables it to enforce access controls and inspect every flow for threats without traffic hair-pinning. It includes a stateful L7 firewall, an intrusion detection/prevention system (IDS/IPS), a network sandbox, and behavior-based network traffic analysis and network detection and response.
Key differentiators of NSX Distributed Firewall include:
For full capabilities, see the datasheet.
Use cases for NSX Distributed Firewall include:
Benefits of NSX Distributed Firewall include: