Hello All.
When using the Identity Firewall function, is it necessary to install the VMware Tools NSX Network Introspection driver on Windows?
【The reason】
We created a Security Group from Service Composer and set up an AD group.
A login with an AD account on Windows does not appear among the members of the Security Group.
(AD is registered in NSX Manager, and GI is also installed.)
I installed VMware Tools' NSX Network Introspection on Windows 2012 R2.
When I logged in again, it was displayed as a member of the Security Group.
Thanks,
===============
◆Environment
ESX 6.0.0U3
VCSA 6.0.0-5112506
NSX Manager 6.3.1 Build 5124716
Windows 2012R2 ActiveDirectory(64bit)(also concurrent with DNS)
Guest PC (Windows 7 (64bit), Windows 2012R2 (64bit))
===============
For the identity firewall feature, you have the option to use AD log scraping or Guest Introspection.
If you use Guest Introspection, you will need to have the Guest Introspection driver installed (VMware Documentation Library).
The documentation states the 'vShield Drivers' need to be installed; this is the Guest Introspection Driver! These have been renamed but the documentation has not been updated.
The Network Inspection Driver does not need to be installed.
Hi, as mentioned in the above reply,
there are two methods for Identity Firewall (IdFW) to detect the user logon, as per this doc: Identity Firewall Overview
1. Guest Introspection (GI)
2. AD Event Log Scraper
For #1, you would need to install VMware Tools with the GI drivers, and the name of the drivers differs according to the ESXi version:
- It was vShield Endpoint on ESXi earlier than 5.5u2
- Guest Introspection on 5.5u2 and later
- and NSX File Introspection on 6.0 patch 1 and later
http://docs.trendmicro.com/all/ent/ds/v9.6/en-us/Deep_Security_96_Install_Guide_vmsafe_EN.pdf
Network Introspection driver is part of NSX File Introspection: Troubleshooting vShield Endpoint / NSX Guest Introspection (2094261) | VMware KB
Thank you!