Internal Firewall for East-West Traffic VMware NSX/NSX+ Distributed Firewall

Stop the lateral spread of threats across multi-cloud environments with a software-based Layer 7 firewall distributed at each workload.

VIEW DATASHEET

Complete Lateral Security for Zero Trust

Threat actors moving throughout your infrastructure and increasingly sophisticated ransomware attacks make east-west the new battleground. Get the advantage with a software-defined Layer 7 firewall that delivers granular enforcement at scale to secure east-west traffic across today’s multi-cloud world. Easily segment the network, stop the lateral spread of threats, and securely move at the speed of development on your path to Zero Trust.

Deep Visibility and Granular Control

Gain visibility across all network flows to easily achieve granular micro-segmentation and generate context-aware policies for each workload.

READ WHITE PAPER

Lateral Threat Detection and Prevention

Reduce the attack surface and defend against known and unknown threats moving within and across clouds with a modern, distributed firewall solution that is purpose-built to secure multi-cloud traffic across virtualized workloads.

LEARN MORE

Application Agility with Security

Unlock business agility by ensuring that workloads maintain their security policies throughout their lifecycle, regardless of where the workload lives or moves. Write policy once and automatically enforce everywhere.

READ EBOOK

Organizations can no longer rely on edge firewalls alone. Internal firewalls are purpose-built to secure east-west traffic, providing defense-in-depth against threats that make it past the network perimeter.

LEARN MORE

Key Capabilities

Distributed Architecture

Get complete network security coverage across all flows with a stateful layer 7 firewall built-into the hypervisor and distributed at every workload.

No Network Changes

Radically simplify firewall deployment and operations without changing your network — no traffic hair-pinning required.

Elastic Throughput

Automatically scale with your workloads for massive traffic inspection capacity, eliminating the throughput constraints typical of appliance-based firewalls.

Superior Workload Context

Enjoy in-depth workload and network context from a unique position in the hypervisor. Achieve superior threat detection and faster forensics while remaining isolated from the attack surface.

Scalable Traffic-Flow Analysis

Get visualization, analysis and monitoring of all traffic flows for complex modern apps and large networks to enable micro-segmentation at scale.

Advanced Threat Prevention

Leverage signature and behavior-based detection engines to quickly identify and block known threats and new, evolving threats that have never been seen before.

READ THE DATASHEET

VMware Cross-Cloud Services

Enable lateral security for your multi-cloud environment with NSX Distributed Firewall, a Networking and Security solution of VMware's Cross-Cloud services portfolio.

LEARN ABOUT CROSS-CLOUD SERVICES

Address Critical Security Use Cases

Get Real-Time Visibility and Analytics at Scale

Get real-time visibility into applications and their security posture when you visualize workloads and traffic flows with contextual application topology maps. Quickly identify security gaps and get granular policy recommendations for segmentation.

Rapidly Deploy Network Segments

Easily create network segments by defining them entirely in software and avoid the need to re-architect your network or deploy discrete appliances.

Operationalize Zero Trust with Micro-Segmentation

Micro-segment all applications to achieve zero trust. Reduce the attack surface and isolate applications with granular segmentation policies that enable user- and application-specific access controls and mitigate lateral movement.

Ubiquitous Virtual Patching

Monitor traffic flows at every host and identify malicious traffic on a per hop basis with IDS/IPS. Then, apply virtual patching so that unpatched servers inside the data center are not exploited.