Easily Segment Your Network and Isolate Applications
Whether your goal is to lock down critical applications, create logical DMZs in software, or reduce the attack surface of a virtual desktop environment, NSX security enables you to enforce consistent network security policies on any workload hosted anywhere.
Prevent Lateral Movement with Granular Segmentation
Gain visibility into traffic and easily create network segmentation by defining segments entirely in software—no need to change your network or hairpin traffic by deploying discrete appliances.
Securing the Data Center In Just Four Steps
Taking a multi-step approach, security teams can use the VMware Distributed Firewall to continually improve security over time, starting from virtual security zones and expanding to all the workloads in the data center.
Simplify Network and Micro-Segmentation
No Network Changes
Secure network segments and create security zones without re-architecting your network, changing IP addresses or re-creating security policies.
Automated Policy Recommendation
Accelerate firewall policy generation and micro-segmentation planning with automated application discovery and recommendations for groups and segmentation rules.
Security as Code
Securely move at the speed of development with an API driven, object-based policy model that automates policy mobility with workloads.
Stateful Layer 7 Security
Go beyond basic port blocking to a complete stack of stateful Layer 7 firewall controls. Then add NSX Advanced Threat Prevention to detect malicious activity and stop the lateral movement of threats.
Agentless Architecture
Eliminate agent fatigue and operational overhead with security built-in to the hypervisor and immune to malware that can subvert host agents.
Zero Trust Realized
Implement Zero Trust architecture across multi-cloud environments with a modern software-based approach that’s easy to operationalize at scale.
Key Use Cases
Rapidly Deploy Network Segments
Easily create and reconfigure network segments, virtual security zones, and partner domains by defining them entirely in software. Avoid the need to re-architect your network or deploy discrete appliances.
Enable Application Isolation
Lock down critical applications and shared services from compromises by auto-discovering application boundaries and applying application-level segmentation policies. Ensure policies stay up-to-date automatically as applications evolve or move.
Secure Virtual Desktop Environments
Block lateral movement between virtual desktops by enforcing security policies down to the RDSH session level based on user identity and context. Easily enforce desktop isolation with a single firewall policy for your entire VDI environment.
Achieve Zero Trust with Micro-Segmentation
Easily create, enforce, and automatically manage granular micro-segmentation policies between applications, services, and workloads across multi-cloud environments spanning VMs, containers, and physical servers.
NSX Network Security Products
VMware NSX Distributed Firewall
Secure east-west traffic with a Layer 7 internal firewall, built-in to the hypervisor and distributed to every host.
VMware NSX Advanced Threat Prevention
Get complete network traffic inspection and the industry’s highest fidelity insights into advanced threats.
VMware NSX Gateway Firewall
Protect physical servers and zone/cloud edge with a software-defined gateway firewall.