DFW is certainly supported. However, it will create cyclic dependency and that is a key reason it is recommended to avoid for the management plane communication. If you have serious limitations with existing firewall devices, you can consider this approach. When more solutions are getting integrated, it will become a tedious job. IDS/IPS use is targeting workloads running on top of the hypervisor. You should rather follow the vSphere security guide to harden the vSphere platform.
Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered
