VMware Networking Community
jmadpalw
Enthusiast
Enthusiast
Jump to solution

Can I use NSX Edge as my perimeter firewall? and is NSX offering any other security features besides the firewall options?

Can I use NSX Edge as my perimeter firewall? and is NSX offering any other security features besides the firewall options?

Reply
0 Kudos
1 Solution

Accepted Solutions
padmavathi_sep1
Enthusiast
Enthusiast
Jump to solution

You can use NSX Edge as a perimeter firewall, although it depends exact requirements if this is a valid use-case. The Edge firewall offers some good basic firewalling options, but lacks some of the advanced (IDS, IPS) features. Same counts for the VPN service which pretty powerful: you can use this service for RoBo scenario’s (routed or stretched layer 2) and also for remote access scenarios. But, if you’re looking for an enterprise level VPN solution, the NSX service might not be the best option…it just depends on what you’re looking for.

NSX offering other security features besides the firewall as

Well, a very powerful part of NSX is the service composer. With the service composer you can create security policies and apply these policies to security groups. A security group is a group of virtual machines based on for example the port group, cluster, logical switch, datacenter or virtual machine name. A security policy on its turn can include guest introspection services such as AntiVirus (f.k.a. vShield Endpoint), data security, network introspection services and/or firewall rules. With the service composer an administrator can graphically see information about security groups and policies.

View solution in original post

Reply
0 Kudos
3 Replies
ocecil
Enthusiast
Enthusiast
Jump to solution

Hey jmadpalw, you can absolutely use ESG for your perimeter firewall, it's designed to be used as such after all. There are other security solutions built into NSX, most notably the distributed firewall, which will allow you to micro-segment your network. There are also 3rd party security solutions that integrates with NSX, such as Symantec DCS:S.

Reply
0 Kudos
gopanaboena
Enthusiast
Enthusiast
Jump to solution

Hi

NSX Edge suitable for perimeter firewall

Venkat

Reply
0 Kudos
padmavathi_sep1
Enthusiast
Enthusiast
Jump to solution

You can use NSX Edge as a perimeter firewall, although it depends exact requirements if this is a valid use-case. The Edge firewall offers some good basic firewalling options, but lacks some of the advanced (IDS, IPS) features. Same counts for the VPN service which pretty powerful: you can use this service for RoBo scenario’s (routed or stretched layer 2) and also for remote access scenarios. But, if you’re looking for an enterprise level VPN solution, the NSX service might not be the best option…it just depends on what you’re looking for.

NSX offering other security features besides the firewall as

Well, a very powerful part of NSX is the service composer. With the service composer you can create security policies and apply these policies to security groups. A security group is a group of virtual machines based on for example the port group, cluster, logical switch, datacenter or virtual machine name. A security policy on its turn can include guest introspection services such as AntiVirus (f.k.a. vShield Endpoint), data security, network introspection services and/or firewall rules. With the service composer an administrator can graphically see information about security groups and policies.

Reply
0 Kudos