VMware Networking Community
mitsuharu
Contributor

Using the Identity Firewall function

Hello All.

When using the Identity Firewall function, is it necessary to install VMware Tools' NSX Network Introspection driver on Windows?

【the reason】

We have created a Security Group from Service Composer and set up an AD group.

A login with an AD account on Windows does not appear in the members of the Security Group.

(AD is registered in NSX Manager, and GI is also installed.)

I installed VMware Tools' NSX Network Introspection on Windows 2012 R2.

When I logged in again, it was displayed as a member of the Security Group.

Thanks,

===============

◆environment

ESX 6.0.0U3

VCSA 6.0.0-5112506

NSX Manager 6.3.1 Build 5124716

Windows 2012R2 ActiveDirectory(64bit)(also concurrent with DNS)

Guest PC (Windows 7 (64bit), Windows 2012 R2 (64bit))

===============

0 Kudos
3 Replies
erikverbruggen
Hot Shot

For the identity firewall feature, you have the option to use AD log scraping or Guest Introspection.

If you use Guest Introspection, you will need to have the Guest Introspection driver installed (VMware Documentation Library).

The documentation states the 'vShield Drivers' need to be installed; this is the Guest Introspection Driver! These have been renamed, but the documentation has not been updated.

The Network Introspection Driver does not need to be installed.

0 Kudos
bayupw
Leadership

Hi, as mentioned in the above reply:

There are two methods for Identity Firewall (IdFW) to detect the user logon, as per this doc: Identity Firewall Overview

1. Guest Introspection (GI)

2. AD Event Log Scraper

For #1, you would need to install VMware Tools with the GI drivers, and the name of the drivers differs according to the ESXi version:

- It was vShield Endpoint on ESXi earlier than 5.5u2

- Guest Introspection on 5.5u2 and later

- and NSX File Introspection on 6.0 patch 1 and later

http://docs.trendmicro.com/all/ent/ds/v9.6/en-us/Deep_Security_96_Install_Guide_vmsafe_EN.pdf

Network Introspection driver is part of NSX File Introspection: Troubleshooting vShield Endpoint / NSX Guest Introspection (2094261) | VMware KB

Bayu Wibowo | VCIX6-DCV/NV
Author of VMware NSX Cookbook http://bit.ly/NSXCookbook
https://github.com/bayupw/PowerNSX-Scripts
https://nz.linkedin.com/in/bayupw | twitter @bayupw
0 Kudos
mitsuharu
Contributor

Thank you!

0 Kudos