- Switching
Enable logical layer 2 overlay extensions across a routed (L3) fabric within and across data center boundaries. Support for VXLAN based network overlays.
- Routing
Dynamic routing between virtual networks performed in a distributed manner in the hypervisor kernel, scale-out routing with active-active failover with physical routers. Static routing and dynamic routing (OSPF, BGP) protocols supported.
- Distributed firewalling
Distributed stateful firewalling, embedded in the hypervisor kernel for high firewall capacity. Support for Active Directory and activity monitoring. Additionally, NSX can also provide north-south firewall capability via NSX edge.
- VPN
Site-to-site and remote-access VPN capabilities, unmanaged VPN for cloud gateway services.
- Operations
Native operations capabilities such as central CLI, traceflow, SPAN, IPFIX to troubleshoot and proactively monitor the infrastructure. Integration with tools such as VMware vRealize Operations and Log Insight for advanced analytics and troubleshooting.
The distributed firewall (DFW) complements and enhances your physical security: it removes unnecessary hair-pinning through the physical firewalls and reduces the amount of traffic on the network. Rejected traffic is blocked before it leaves the ESXi host, so it never has to traverse the network only to be stopped at the perimeter by the physical firewall. Likewise, traffic destined for another VM on the same host or on another host does not have to travel up to the physical firewall and back down to the destination VM. It is inspected at the ESXi level and delivered to the destination VM.
NSX DFW is a stateful firewall, meaning it monitors the state of active connections and uses this information to determine which network packets to allow through the firewall. DFW is implemented in the hypervisor and applied to virtual machines on a per-vNIC basis. That is, the firewall rules are enforced at the vNIC of each virtual machine. Inspection of traffic happens at the vNIC of a VM just as the traffic is about to exit the VM and enter the virtual switch (egress). Inspection also happens at the vNIC just as the traffic leaves the switch but before entering the VM (ingress).
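The per-vNIC, stateful behaviour described above can be followed in a small model. This is an added example, not VMware or NSX code: the `Packet`, `Vnic`, `deliver` and `build_vnics` names, the rule format, and the addresses and host names are all constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    def flow(self):
        return (self.src, self.sport, self.dst, self.dport)
    def reverse_flow(self):
        return (self.dst, self.dport, self.src, self.sport)

@dataclass
class Vnic:
    host: str                      # hypervisor host this vNIC lives on
    rules: list                    # ordered (direction, src, dst, dport, action)
    state: set = field(default_factory=set)   # connections this vNIC allowed

    def inspect(self, pkt, direction):
        # Stateful part: packets of a connection already allowed here,
        # in either direction, pass without a rule lookup.
        if pkt.flow() in self.state or pkt.reverse_flow() in self.state:
            return True
        for d, src, dst, dport, action in self.rules:
            if (d == direction and src in ("any", pkt.src)
                    and dst in ("any", pkt.dst) and dport in ("any", pkt.dport)):
                if action == "allow":
                    self.state.add(pkt.flow())
                return action == "allow"
        return False               # default deny (assumption of this model)

def deliver(pkt, vnics):
    """Return (verdict, number of times the packet crossed the physical network)."""
    src, dst = vnics[pkt.src], vnics[pkt.dst]
    if not src.inspect(pkt, "egress"):        # leaving the VM, entering the switch
        return ("dropped at source vNIC", 0)  # never left the source host
    wire = 0 if src.host == dst.host else 1
    if not dst.inspect(pkt, "ingress"):       # leaving the switch, entering the VM
        return ("dropped at destination vNIC", wire)
    return ("delivered", wire)

def build_vnics():
    # Constructed sample: a web VM and a database VM on different hosts.
    web, db = "10.0.0.10", "10.0.0.20"
    return {
        web: Vnic("esx-a", [("egress", web, db, 3306, "allow")]),
        db: Vnic("esx-b", [("ingress", web, db, 3306, "allow")]),
    }
```

Neither vNIC has a rule for traffic from the database back to the web VM: the reply is delivered only because both vNICs recorded the connection when the request passed, while a new connection started by the database VM is dropped at its own vNIC with zero network crossings.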