VMware NSX Service-defined Firewall
Secure Your Data Center with a Purpose-Built Firewall
Protect rising east-west traffic with NSX Service-defined Firewall. Gain superior protection with an easy-to-deploy, purpose-built firewall that secures data center traffic across all your workloads.
Distributed Internal Firewall for Dummies
Quickly learn all about internal firewalls and how they provide better security for today’s complex data centers with operational ease.
Get the eBook
Hyperscale Throughput
Get complete coverage with up to 20Tbps firewalling per SDDC.
Up to 75% Savings in CapEx
Lower CapEx relative to traditional firewall appliances.
Up to 73% savings in OpEx
Lower OpEx, with no network changes and automated policies.
Leverage a Proven Data Center Security Model
Attackers are increasingly focused on finding and exploiting vulnerabilities in your network, making east-west traffic the new battleground. The VMware NSX Service-defined Firewall makes it difficult for malicious actors to stay in your network. Its distributed architecture, delivered in software, includes a full-stack, scale-out internal firewall and advanced threat prevention. This enables zero trust security for your software-defined data center that’s easy to deploy and automates policy, while reducing overall costs.
Use Cases
Network Segmentation
Gain visibility into traffic and easily create network segmentation by defining them entirely in software — no need to change your network or hairpin traffic by deploying discrete appliances.
Virtual Patching for all Workloads
Detect and prevent malicious traffic with distributed IDS/IPS at every workload, allowing you to reduce workload significantly by applying virtual patching to vulnerable workloads.
Zero Trust in the Data Center
Easily create, enforce, and manage micro-segmentation policies with deep visibility and comprehensive policy controls.
Block Advanced Threats
Leverage multiple advanced threat prevention techniques to detect intrusion attempts and malicious behavior from known and unknown malware and block threats from moving laterally across your network.
Benefits
No Network Changes
Radically simplify firewall deployment and operations by eliminating changes to the network and avoiding traffic hairpinning. Replace multiple appliance-based solutions with a per-workload stateful L7 firewall that’s delivered in software, reducing CapEx by up to 75%.
No Blind Spots
Leverage the only stateful L7 firewall built into the infrastructure that prevents lateral movement of attacks. Deployed into the hypervisor, NSX Service-defined Firewall enjoys unmatched visibility into network and unrivaled workload context to identify and block threats, while remaining isolated from the attack surface.
Security as Code
Speed your network operations by enabling a true public cloud security experience in your private cloud. Deliver “security as code” with an API-driven, object-based policy model that delivers policy recommendations, automates policy mobility and ensures new workloads automatically receive appropriate security policies.
Consistent Policy Across Multi-Cloud
Achieve agile security via consistent firewall policies across multiple environments. Regardless of where your workload lives or moves, your virtualized, containerized and physical workloads will maintain their security policies. Write your policy once, and automatically enforce it everywhere.
Spotlight on Service-defined Firewall
Is This Security Thing Working?
SANS discusses challenges with today’s data center security and the need for an intrinsic approach.
Read the Whitepaper
Rethink Your Firewall Strategy
Security professionals are realizing that an over-reliance on traditional firewalls is forcing trade-offs between security coverage and operational simplicity.
Get the Report
A Practical Path to Zero Trust in the Data Center
Protect what matters—the applications and data—inside your data centers with a phased approach to zero trust.
Download White Paper
Protect Physical Workloads
Learn how NSX gateway firewalling can secure zone boundaries and physical workloads using a bare metal agent with unified management.
Read the BlogCustomer Stories
Securely Drive Productivity and Flexibility
Preferred Mutual maximizes remote employee and IT staff productivity while ensuring the security of company data with NSX, Workspace One, and Horizon.
Meet Government Security Regulations
Cenitex delivers the rock-solid security that governments require with a fully-integrated range of VMware solutions across data centers and digital workspaces.
Elevate and Consolidate Security
USSFCU went from planning to deployment in just weeks, replacing multiple legacy security tools with NSX for networking and micro-segmentation as part of their zero trust initiative.
Expand Your Data Center Security Capabilities
Network Detection and Response
Correlate large volumes of security events across north-south, east-west and cloud traffic for identifying real intrusions.
More on Network Detection and ResponseDistributed IDS/IPS
Replace discrete appliances with a distributed software IDS/IPS solution to detect lateral threat movement on east-west traffic.
More on NSX Distributed IDS/IPSAdvanced Threat Prevention
Inspect all network traffic and obtain the industry’s highest fidelity insights into advanced threats.
More on Advanced Threat PreventionSegmentation Policy Recommendations
Simplify operationalizing micro-segmentation with rich application topology visualization and automated policy recommendations.
More on NSX IntelligenceResources
Learn & Evaluate
- Forrester White Paper: To Enable Zero Trust, Rethink Your Firewall Strategy
- SANS White Paper: Knock, Knock: Is this Security Thing Working?
- VMware NSX Service-defined Firewall Datasheet
- Four Barriers to Micro-segmentation White Paper
- NSX Service-defined Firewall to Secure Virtual Desktops Solution Overview
- A Practical Path to Zero Trust in the Data Center