What is a data center firewall?

A data center firewall is a software or hardware device that monitors traffic entering and exiting an organization’s network — or, as network perimeters fragment, a portion of that network, down to the workload level — to filter out external threats.

Data center security has traditionally been based on a perimeter firewall, designed to protect internal assets from malicious external actors hiding in north-south traffic. With the rise of distributed networks and modern applications, however, the network perimeter has become more and more porous, necessitating sophisticated distributed firewalls that can deliver fine-grained monitoring and protection of internal — or east-west — traffic.

Why deploy a data center firewall?

Despite the rise of cloud-based resources and a distributed workforce, the data center remains critical to many, if not most, enterprises. It houses mission-critical applications and other essential business assets, and although it has evolved and is often dispersed geographically, it remains just as vulnerable. In the face of ever-growing threats, IT departments understand that securing the data center against threats and unauthorized access remains essential to the continuity of the business.

How does a data center firewall work?

A data center firewall, whether perimeter-based or distributed, is a gatekeeper, continuously monitoring traffic flows in and out of a designated network area, blocking suspicious activity, and alerting security teams to threat events.

Firewalls may use a variety of techniques, depending on their design, to control traffic flow. Traditional architectures will often provide static packet filtering, proxy services, and stateful inspection.

Modern gateway firewalls often add intrusion detection (IDS/IPS), application context, and advanced threat analysis that helps evaluate the content of traffic passing through.

Finally, distributed firewalls are designed to filter east-west traffic and deliver protection down to the workload level.
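
The split between north-south and east-west inspection described above, as an added example that is not VMware's code or part of the original page: a small Python model showing which flows a perimeter firewall never sees and a distributed firewall evaluates. The addresses, workload tags and rule sets are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample data: the address plan, tags and rules are assumptions.
DATACENTER = ipaddress.ip_network("10.0.0.0/16")
WORKLOAD_TAGS = {"10.0.1.10": "web", "10.0.1.11": "web", "10.0.2.20": "db"}

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int

def direction(flow):
    """North-south crosses the data center boundary; east-west stays inside it."""
    inside = [ipaddress.ip_address(a) in DATACENTER for a in (flow.src, flow.dst)]
    return "east-west" if all(inside) else "north-south"

# Perimeter policy (inbound only in this model): (destination tag, port).
PERIMETER_ALLOW = {("web", 443)}
# Distributed policy: (source tag, destination tag, port), default deny.
DISTRIBUTED_ALLOW = {("web", "db", 5432)}

def perimeter_verdict(flow):
    """A perimeter firewall only sees traffic that crosses the boundary."""
    if direction(flow) == "east-west":
        return "not-inspected"
    allowed = (WORKLOAD_TAGS.get(flow.dst), flow.dport) in PERIMETER_ALLOW
    return "allow" if allowed else "block"

def distributed_verdict(flow):
    """A distributed firewall enforces at each workload, so it sees internal flows."""
    if direction(flow) != "east-west":
        return "not-inspected"  # left to the gateway firewall in this model
    key = (WORKLOAD_TAGS.get(flow.src), WORKLOAD_TAGS.get(flow.dst), flow.dport)
    return "allow" if key in DISTRIBUTED_ALLOW else "block"

def evaluate(flow):
    return direction(flow), perimeter_verdict(flow), distributed_verdict(flow)

FLOWS = [
    Flow("203.0.113.7", "10.0.1.10", 443),   # external client to web tier
    Flow("203.0.113.7", "10.0.2.20", 5432),  # external client straight to database
    Flow("10.0.1.10", "10.0.2.20", 5432),    # web tier to database
    Flow("10.0.1.10", "10.0.1.11", 22),      # web to web, lateral SSH
]

if __name__ == "__main__":
    for f in FLOWS:
        print(f, *evaluate(f))
```

The last two flows never reach the perimeter, so only workload-level enforcement can permit the database connection and block the web-to-web SSH session.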

Benefits of a data center firewall

A robust firewall solution will combine the strengths of gateway and distributed firewalls to deliver north-south and east-west protection for the data center that:

  • Provides the foundation for comprehensive access control and threat control
  • Enables consistent performance and delivery of apps and data
  • Ensures products and services get to the customers and employees who need them
  • Helps eliminate downtime and reputational damage from successful attacks
  • Enables a modern, distributed workforce

VMware Data Center Firewall related Products, Solutions, and Resources

NSX Network Detection & Response

NSX Network Detection and Response provides the broadest set of detection capabilities spanning IDS/IPS

VMware NSX Distributed Firewall

Secure east-west traffic with a purpose-built internal firewall, built into the hypervisor and distributed at every host.

VMware Distributed IDS/IPS

Replace discrete appliances with a distributed software IDS/IPS solution to detect lateral threat movement on east-west traffic.

Advanced Threat Prevention

Inspect all network traffic and obtain the industry’s highest fidelity insights into advanced threats.

NSX Advanced Threat Analyzer

Included with NSX Advanced Threat Prevention, Advanced Threat Analyzer provides complete malware analysis