article NSX-T Security Reference Guide in VMware NSX Documents

NSX-T Security Reference Guide

mteigeiro — Wed, 16 Jun 2021 16:41:43 GMT

NSX-T Security Reference Guide - This talks about NSX Service-defined Firewall capabilities, different use cases, architecture, consumption model and the best practices around the security design.

1.3 version mainly has following updates along with minor update to all section:

* Chapter -1: NSX Service-defined firewall value prop/positioning.
* Chapter -2: NSX Use cases – What/why/how and NSX deployment Options.
* Chapter -5: Best practices around Groups/Tags/Policy

 Readers are encouraged to send a feedback to NSXDesignFeedback_at_groups*vmware*com (replace _at_ -> @ and * -> .)
 We will continually updating this document so please re-download this document.

 --The VMware NSX Product Management

Re: NSX-T 3.0 Security Reference Guide

newmanhun — Thu, 10 Dec 2020 09:16:06 GMT

Thanks! This document is long awaited and highly valuable. Some feedback below - if I may.

Last two lines in the attached picture tells 11 and just below that 10 predefined roles.

Page 17 - I would amend Option 1 with the term "security focused design" as this was the name of this approach back in the time with NSX for vSphere.

Page 20 - "In the physical representation, both T0 and the T1 firewalls are on the Edge Transport Node. Thus the packed does not leave the Edge host until it has passed through T1 Gateway Firewall" This is true, but not always as active instance of the T1 can be elsewhere, so within an other Edge node and in that case the traffic will leave the T0 hosing Edge node and flow to the one hosting the active T1.

Page 32 - Flow 3 is in the text as example but picture talks about flow 2.

Page 34 - I'd iclude some lines about that the "applied to" can be configured at the section level also which is also important.

Re: NSX-T 3.0 Security Reference Guide

mteigeiro — Thu, 17 Dec 2020 19:22:11 GMT

All very good points. Look forward to a revised version 1.1 coming out in a few weeks with these and other edits.

Thanks!

Re: NSX-T Security Reference Guide

vforde — Tue, 30 May 2023 19:13:07 GMT

Hi,

When will we see this reference guide updated? For the major updates in NSX-T 3.2 and NSX 4 covering NAPP Architecture deep dive as well as deployment topologies and NDR for known and unknown threats.

Thanks

Victor