VMware NSX Distributed Firewall

Additional Info

Company size (employees): 10,000 or more
Headquarters Region: North America
Type of solution: Software


VMware’s NSX Distributed Firewall is a software-defined Layer 7 firewall purpose-built to secure multi-cloud traffic across workloads. Unlike traditional firewalls that require network redesign and traffic hair-pinning, the NSX Distributed Firewall distributes the firewalling and advanced security services (IDS/IPS, network sandboxing, and NTA/NDR) to each host, which radically simplifies the security architecture. It uses a software-based approach to deliver security that’s built into the hypervisor for each workload. With complete visibility into applications and flows, NSX Distributed Firewall delivers superior security with policy automation that’s linked to the workload lifecycle. This allows security teams to easily segment the network, micro-segment application workloads, stop the lateral movement of attacks, and automate policy in a vastly simpler operational model. Data center operators can now achieve levels of agility, security and economics that were previously unreachable.

NSX Distributed Firewall is not only distributed, but service-aware and operationally simple—making Zero Trust security attainable and efficient for applications in data centers, and private and public cloud environments. Whether the goal is to lock down critical applications, create a logical demilitarized zone in software or reduce the attack surface of a virtual desktop environment, NSX Distributed Firewall enables micro-segmentation to define and enforce network security policy at the individual workload level.

NSX Distributed Firewall is used by enterprises for a variety of purposes including network segmentation, achieving zero trust in the cloud, virtual patching for workloads, and the ability to stop lateral movement of threats. Every type of enterprise can benefit from having a firewall for east-west traffic like this one.

How we are different

Easy Operations: VMware NSX DFW simplifies firewall deployments and operations by replacing physical hardware, eliminating changes to the network, and avoiding traffic hair-pinning. Admins can gain visibility on traffic and easily create network segmentation or virtual security zones in minutes with no changes to the network by defining them entirely in software.

Eliminate blind spots: VMware NSX DFW is built into the hypervisor and managed as a single firewall, eliminating blind spots while radically simplifying deployment. Admins gain visibility and workload context to identify and block threats at every hop, while remaining isolated from the attack surface.

Better security: VMware NSX DFW offers a full security stack across firewalling, IDS/IPS, sandbox, NTA, NDR, and even monitors encrypted traffic. Admins can protect their applications on the internal network against known malicious IP addresses on the internet such as botnet masters. The list of malicious IP addresses is dynamically updated on a frequent basis using the latest threat intelligence provided by VMware Contexa.