Replace multiple appliance-based solutions and radically simplify firewall deployment and operations by eliminating changes to the network and avoiding traffic hair-pinning.
Get unmatched visibility into your network and unrivaled workload context to identify and block threats, while remaining isolated from the attack surface.
An API-driven, object-based policy model delivers policy recommendations, automates policy mobility and ensures new workloads automatically receive appropriate security policies.
Achieve agile security via consistent firewall policies across multiple environments. Write your policy once and automatically enforce it everywhere.
Gain visibility into traffic and easily create network segmentation by defining segments entirely in software—no need to change your network or hairpin traffic by deploying discrete appliances.
Easily create, enforce, and manage micro-segmentation policies with deep visibility and comprehensive security policy controls.
Detect and prevent malicious traffic with distributed IDS/IPS at every workload, allowing you to reduce operational burden by applying virtual patching to vulnerable workloads.
Leverage multiple advanced threat prevention techniques to detect intrusion attempts and malicious behavior from known and unknown malware and block threats from moving laterally across your network.
NSX Service-defined Firewall is a distributed, scale-out internal firewall that protects all east-west traffic with security that’s intrinsic to the infrastructure, radically simplifying the security deployment model.
NSX Service-defined Firewall uses an intrinsic approach to security that's built into the hypervisor. It includes a stateful L4-L7 firewall, an intrusion detection/prevention system (IDS/IPS), network sandbox, and behavior-based network traffic analysis.
Key capabilities of NSX Service-defined Firewall include:
For full capabilities, see the datasheet.
Use cases for NSX Service-defined Firewall include:
Benefits of NSX Service-defined Firewall include: