Complete East-West Security for Zero Trust

Ransomware and lateral movement of threats make east-west the new battleground. NSX Distributed Firewall offers a software-delivered, distributed architecture and advanced threat prevention. It enables zero-trust security that’s easy to deploy and automates policy while reducing overall costs.

Hyperscale Throughput

Get complete coverage with up to 20Tbps firewalling per SDDC.

Secure Workload Access

Secure workload access on your journey to zero trust.

Up to 73% savings in OpEx

Lower OpEx, with no network changes and automated policies.

Benefits of NSX Distributed Firewall

No Network Changes

Radically simplify firewall deployment and operations by replacing physical hardware, eliminating changes to the network, and avoiding traffic hair-pinning.

Eliminate Blind Spots

Get visibility and workload context to identify and block threats at every hop, while remaining isolated from the attack surface.

Security as Code

An API-driven, object-based policy model delivers policy recommendations, automates policy mobility and ensures new workloads automatically receive appropriate security policies. 

Zero Trust with Better Security

Operationalize Zero Trust architecture in your infrastructure across multi-cloud with a modern software-based approach that’s easy to operationalize and scale.

Related Resources

Internal Firewalls for Dummies

Organizations can no longer rely on edge firewalls alone. Learn how internal firewalls provide better security for today’s complex data centers.

NSX Distributed Firewall Datasheet

NSX Distributed Firewall protects all east-west traffic with security intrinsic to the infrastructure, radically simplifying the security deployment model.

The Best Way to Protect East-West Traffic

Bolted-on security solutions can’t deliver the scalability, flexibility and cost-effectiveness needed today. Understand why intrinsic security is key.

Frequently Asked Questions

NSX Distributed Firewall is a software-defined Layer 7 firewall enabled at each workload to segment east-west traffic and block lateral movement of threats. Its advanced threat prevention includes distributed IDS/IPS, network sandbox, network traffic analysis, and network detection and response.

NSX Distributed Firewall uses a software-based approach to deliver security that's built into the hypervisor and delivered at each workload. This enables it to enforce access controls and inspect every flow for threats without traffic hair-pinning. It includes a stateful L7 firewall, an intrusion detection/prevention system (IDS/IPS), network sandbox, and behavior-based network traffic analysis and network detection and response.

Key differentiators of NSX Distributed Firewall include:

  • Distributed architecture
  • Superior workload context
  • No network taps NTA
  • Elastic throughput
  • Operationally simple

For full capabilities, see the datasheet.

Use cases for NSX Distributed Firewall include:

  • Network Segmentation
  • Zero Trust in the Cloud
  • Virtual Patching for all Workloads
  • Stop lateral movement of threats

Benefits of NSX Distributed Firewall include:

  • Better Security
  • No network changes
  • Eliminate blind spots
  • Security as code
  • Operational simplicity

Why VMware for Internal Firewall?

Stop the spread of lateral threats inside the network with no network changes.