NSX Advanced Firewall for VMC on AWS- Part 1 – Overview and enabling the Add-on

Photo by Marc-Olivier Jodoin on Unsplash

Introduction

In this post, I’ll provide a quick overview of the new NSX Advanced Firewall for VMC on AWS and walk through enabling the add on and individual features.

This will be a multi part blog series, and I’ll walk through each feature in more detail in different parts.

NSX Advanced Firewall for VMC on AWS Overview

The NSX Advanced Firewall for VMC on AWS was recently launched, and introduces a number of security features to the VMC on AWS service

  • Distributed IDS/IPS
  • Distributed Firewall with Layer 7 Application ID
  • Distributed Firewall with Active Directory based User ID – IDFW
  • Distributed Firewall with FQDN Filtering

See the launch announcement from VMware for more information about the use cases for the NSX Advanvced Firewall, such as

  • Detect and prevent threats to your workloads using Distributed IDS/ IPS
  • Get curated threat signatures via the NSX Threat Intelligence Cloud Service
  • Leverage context-aware threat detection
  • Inspect all traffic
  • Secure your applications with layer 7 Distributed Firewall
  • Application profiles pre-built for enterprise applications
  • NSX Distributed Firewall with FQDN Filtering
  • Control Access to virtual desktop applications with NSX Identity Firewall
  • Achieve compliance goals

The NSX Advanced Firewall for VMC on AWS is available for purchase as an add on.

Enabling NSX Advanced Firewall for VMC on AWS

  1. Login to the VMware Cloud Services Portal
  2. Select the VMware Cloud on AWS tile
  1. Click the name of the SDDC, where you want to enable the add on
  1. Click the Add Ons tab, and then Activate the NSX Advanced Firewall
  1. Review the acknowledgment, and note that this add on service will incur charges. Click Activate
  1. The NSX Advanced Firewall will now show as Active, click Open NSX Advanced Firewall

Enabling Distributed IDS/IPS

  1. You should now be in the Networking and Security view. Click Distributed IDS/IPS, located in the Security Section
  1. Click Get Started
  1. Check the box to Auto Update new signatures. Then toggle the feature on the relevant cluster
  1. Click Yes

In the next post of this series, I’ll dive deeper into Distributed IDS/IPS and describe how it can detect and prevent attempts at exploiting vulnerabilities in applications

NSX Advanced Firewall for VMC on AWS- Part 2 – Distributed IDS/IPS

One thought on “NSX Advanced Firewall for VMC on AWS- Part 1 – Overview and enabling the Add-on

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s