VMware NSX DMZ Anywhere Cybersecurity Benchmark

Version 5

    A Micro-audit of an NSX DMZ Anywhere architecture


    DMZ Anywhere takes DMZ security principles and decouples them from a traditional physical network and compute infrastructure to maximize security and visibility in a manner that is more scalable and efficient. Third-party security and audit firm Coalfire Systems, Inc. (Coalfire) tested the ability to utilize VMware NSX in support of security policy enforcement, network segmentation, and network visibility requirements necessary for DMZ implementations.


    Coalfire’s testing of DMZ Anywhere included the use of VMware vSphere with VMware NSX for vSphere software-defined network constructs (NSX logical switch, NSX logical router, NSX Edge Services Gateway (ESG), NSX Edge, NSX Distributed Firewall (DFW), and NetX traffic steering with service insertion partners Palo Alto Networks, Inc. (Palo Alto Networks) and Check Point Software Technologies Ltd. (Check Point). Coalfire also examined the capabilities of VMware NSX Application Rule Manager and VMware NSX Endpoint Monitoring tools to provide visibility of the software-defined network for facilitation of policy enforcement and DFW rule creation.