NSX Distributed Firewall is a software-defined Layer 7 firewall enabled at each workload to segment east-west traffic and block lateral movement of threats. Its advanced threat prevention includes distributed IDS/IPS, network sandbox, network traffic analysis, and network detection and response.

NSX Distributed Firewall uses a software-based approach to deliver security that's built into the hypervisor and delivered at each workload. This enables it to enforce access controls and inspect every flow for threats without traffic hair-pinning.  It includes a stateful L7 firewall, an intrusion detection/prevention system (IDS/IPS), network sandbox, and behavior-based network traffic analysis and network detection & response.

Key differentiators of NSX Distributed Firewall include:

• Distributed architecture
• Superior workload context
• No network taps NTA
• Elastic throughput
• Operationally simple

For full capabilities, see the datasheet.

Use cases for NSX Distributed Firewall include:

• Network Segmentation
• Zero Trust in the Cloud
• Virtual Patching for all Workloads
• Stop lateral movement of threats

Benefits of NSX Distributed Firewall include:

• Better Security
• No network changes
• Eliminate blind spots
• Security as code
• Operational simplicity