US US About Us Store

Leverage a Proven Data Center Security Model

Attackers are increasingly focused on finding and exploiting vulnerabilities in your network, making east-west traffic the new battleground. NSX Service-defined Firewall offers a software-delivered, distributed architecture and advanced threat prevention. It enables zero-trust security that’s easy to deploy and automates policy while reducing overall costs.

Hyperscale Throughput

Get complete coverage with up to 20Tbps firewalling per SDDC.

Read White Paper

Up to 75% Savings in CapEx

Lower CapEx relative to traditional firewall appliances.

Read Forrester Report

Up to 73% savings in OpEx

Lower OpEx, with no network changes and automated policies.

READ SOLUTION OVERVIEW

Benefits of NSX Service-defined Firewall

No Network Changes

Replace multiple appliance-based solutions and radically simplify firewall deployment and operations by eliminating changes to the network and avoiding traffic hair-pinning. 

Eliminate Blind Spots

Get unmatched visibility into your network and unrivaled workload context to identify and block threats, while remaining isolated from the attack surface.

Security as Code

An API-driven, object-based policy model delivers policy recommendations, automates policy mobility and ensures new workloads automatically receive appropriate security policies. 

Consistent Policy Across Multi-Cloud

Achieve agile security via consistent firewall policies across multiple environments. Write your policy once and automatically enforce it everywhere. 

Use Cases

Network Segmentation

Zero Trust

Virtual Patching

Threat Prevention

Related Resources

Internal Firewalls for Dummies

Organizations can no longer rely on edge firewalls alone. Learn how internal firewalls provide better security for today’s complex data centers.

DOWNLOAD THE GUIDE
A Practical Path to Zero Trust

A Practical Path to Zero Trust

Learn why organizations are leaning into zero trust security and why traditional firewalls fall short.

READ THE WHITE PAPER

The Best Way to Protect East-West Traffic

Bolted-on security solutions can’t deliver the scalability, flexibility and cost effectiveness needed by today. Understand why intrinsic security is key.

READ THE WHITE PAPER
ALL RESOURCES

Related Products

Expand your data center security capabilities with detection and response, threat prevention and more.

NSX Network Detection and Response

AI-powered network detection and response (NDR)

NSX Distributed IDS/IPS

Software-based IDS/IPS solution

NSX Advanced Threat Prevention

Network traffic analysis and intrusion prevention for NSX Service-defined Firewall

NSX Intelligence

Distributed analytics engine native to NSX

Frequently Asked Questions

NSX Service-defined Firewall is a distributed, scale-out internal firewall that protects all east-west traffic with security that’s intrinsic to the infrastructure, radically simplifying the security deployment model.

NSX Service-defined Firewall uses an intrinsic approach to security that's built into the hypervisor. It includes a stateful L4-L7 firewall, an intrusion detection/prevention system (IDS/IPS), network sandbox, and behavior-based network traffic analysis.

Key capabilities of NSX Service-defined Firewall include:

  • Distributed, granular enforcement of security policies
  • Scalability and throughput
  • Advanced threat prevention
  • Intra-application visibility
  • Centralized management

For full capabilities, see the datasheet.

Use cases for NSX Service-defined Firewall include:

  • Network Segmentation
  • Zero Trust in the Data Center
  • Virtual Patching for all Workloads
  • Block Advanced Threats

 

Benefits of NSX Service-defined Firewall include:

  • Mitigating security risk
  • Ensuring compliance
  • Accelerating security operations
  • Simplifying security architecture

Why VMware for Internal Firewall

With its distributed architecture delivered in-software, it eliminates all blind spots without requiring network changes.