Easily Segment Your Network and Isolate Applications

Whether your goal is to lock down critical applications, create logical DMZs in software, or reduce the attack surface of a virtual desktop environment, NSX security enables you to enforce consistent network security policies on any workload hosted anywhere.

Prevent Lateral Movement with Granular Segmentation

Gain visibility into traffic and easily create network segmentation by defining segments entirely in software—no need to change your network or hairpin traffic by deploying discrete appliances.

Securing the Data Center In Just Four Steps

Taking a multi-step approach, security teams can use the VMware Distributed Firewall to continually improve security over time, starting from virtual security zones and expanding to all the workloads in the data center.

Simplify Network and Micro-Segmentation

No Network Changes

Secure network segments and create security zones without re-architecting your network, changing IP addresses or re-creating security policies.

Automated Policy Recommendation

Accelerate firewall policy generation and micro-segmentation planning with automated application discovery and recommendations for groups and segmentation rules.

Security as Code

Securely move at the speed of development with an API driven, object-based policy model that automates policy mobility with workloads.

Stateful Layer 7 Security

Go beyond basic port blocking to a complete stack of stateful Layer 7 firewall controls. Then add NSX Advanced Threat Prevention to detect malicious activity and stop the lateral movement of threats.

Agentless Architecture

Eliminate agent fatigue and operational overhead with security built-in to the hypervisor and immune to malware that can subvert host agents.

Zero Trust Realized

Implement Zero Trust architecture across multi-cloud environments with a modern software-based approach that’s easy to operationalize at scale.

Key Use Cases

Rapidly Deploy Network Segments

Easily create and reconfigure network segments, virtual security zones, and partner domains by defining them entirely in software. Avoid the need to re-architect your network or deploy discrete appliances.

Enable Application Isolation

Lock down critical applications and shared services from compromises by auto-discovering application boundaries and applying application-level segmentation policies. Ensure policies stay up-to-date automatically as applications evolve or move.

Secure Virtual Desktop Environments

Block lateral movement between virtual desktops by enforcing security policies down to the RDSH session level based on user identity and context. Easily enforce desktop isolation with a single firewall policy for your entire VDI environment.

Achieve Zero Trust with Micro-Segmentation

Easily create, enforce, and automatically manage granular micro-segmentation policies between applications, services, and workloads across multi-cloud environments spanning VMs, containers, and physical servers.

NSX Network Security Products

VMware NSX Distributed Firewall

Secure east-west traffic with a Layer 7 internal firewall, built-in to the hypervisor and distributed to every host.

VMware NSX Advanced Threat Prevention

Get complete network traffic inspection and the industry’s highest fidelity insights into advanced threats.

VMware NSX Gateway Firewall

Protect physical servers and zone/cloud edge with a software-defined gateway firewall.

Ready to Get Started?