Counting Cores for VMware vDefend Firewall and vDefend Firewall with Advanced Threat Prevention

Article ID: 395111

Products

VMware vDefend Firewall, VMware vDefend Firewall with Advanced Threat Prevention

Issue/Introduction

The purpose of this KB is to assist users in determining how many licensed cores are in use for vDefend Firewall and vDefend Firewall with Advanced Threat Prevention.


Determining the Required Subscription Capacity for VMware vDefend Firewall and VMware vDefend Firewall with Advanced Threat Prevention:

  • When deploying VMware Firewall as a Distributed Firewall, Customer must purchase one (1) Core of VMware Firewall to deploy one (1) Core of Distributed Firewall.
  • When deploying VMware Firewall as a Gateway Firewall, Customer must purchase four (4) Cores of VMware Firewall to deploy one (1) Core of Gateway Firewall.
  • When deploying VMware Firewall for Container Security with Antrea, Customer must purchase one (1) Core of VMware Firewall to deploy one (1) Core of Container Security with Antrea.
  • When deploying VMware Firewall as an agent for Bare Metal workloads, Customer must purchase one (1) Core of VMware Firewall for every four (4) Cores of Bare Metal.
  • When deploying VMware Firewall on a DPU, in addition to the entitlement required to deploy as a Distributed Firewall or Gateway Firewall, the Customer must purchase four (4) Cores of VMware Firewall to secure one (1) DPU.
  • When deploying VMware Firewall to monitor Desktop environments as outlined in VMware Firewall for Desktop, Customer may deploy 2.5 Concurrent Users for every one (1) Core of VMware Firewall Customer purchases.

 

VMware vDefend Firewall Core Counting:

Distributed Firewall Core Count:

  • If the DFW Global setting is enabled and DFW IPFIX profiles are found with a non-empty Applied To, all NSX-prepared hosts' cores are included in the core count.
  • If the DFW Global setting is enabled, the DFW Malicious IP feature is enabled and any of the Malicious IP DFW rules are enabled, all NSX-prepared hosts' cores are included in the core count.
  • If the DFW Global setting is enabled and any non-default DFW policies exist, each host is checked to see whether the non-default DFW policies are realized on that host. If so, all host cores within that cluster are included in the core count.
    • The same 16-Core Minimum rule from VCF licensing applies to vDefend Distributed Firewall licensing - https://knowledge.broadcom.com/external/article/313548/counting-cores-for-vmware-cloud-foundati.html
    • You must license a minimum of 16 physical cores for each CPU (physical processor) in your ESXi hosts, even if a CPU has fewer than 16 cores.
    • Sum the physical cores from all CPUs on each ESXi host you plan to license. For CPUs with fewer than 16 cores, count 16 cores to comply with the 16-Core Minimum Licensing Rule.
      • Example: Host A (2 CPUs x 8 cores) + Host B (2 CPUs x 24 cores) converts to Host A (2 CPUs x 16 cores) + Host B (2 CPUs x 24 cores) = 32 + 48 = 80 cores to license.
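The following Python is an added example, not code from this KB or from the Broadcom script attached to it. It turns the subscription ratios listed under "Determining the Required Subscription Capacity" and the 16-Core Minimum rule above into a small entitlement calculator; the function and parameter names are my own, and rounding a fractional Bare Metal or Desktop result up to the next whole core is an assumption the KB does not state.

```python
"""Added example: vDefend Firewall entitlement calculator (not Broadcom code)."""
import math

MIN_CORES_PER_CPU = 16  # 16-Core Minimum rule carried over from VCF licensing

# Ratios stated in the Subscription Capacity section of the KB.
ENTITLED_CORES_PER_GATEWAY_CORE = 4   # 4 cores purchased per Gateway Firewall core (1 vCPU = 1 core)
BARE_METAL_CORES_PER_ENTITLED_CORE = 4  # 1 core purchased per 4 Bare Metal cores
ENTITLED_CORES_PER_DPU = 4            # 4 cores per DPU, on top of the DFW/GFW entitlement
DESKTOP_USERS_PER_ENTITLED_CORE = 2.5  # 2.5 Concurrent Users per core purchased


def licensed_cores_for_host(cpus, cores_per_cpu):
    """Cores to license on one ESXi host: every CPU counts as at least 16 cores."""
    if cpus < 1 or cores_per_cpu < 1:
        raise ValueError("a host needs at least one CPU with at least one core")
    return cpus * max(cores_per_cpu, MIN_CORES_PER_CPU)


def distributed_firewall_entitlement(hosts):
    """hosts: iterable of (cpus, cores_per_cpu) for each host whose cores the DFW rules count."""
    return sum(licensed_cores_for_host(cpus, cores) for cpus, cores in hosts)


def gateway_firewall_entitlement(edge_vcpus):
    """edge_vcpus: vCPU count of each Edge hosting a counted T0/T1, standby Edges included."""
    return ENTITLED_CORES_PER_GATEWAY_CORE * sum(edge_vcpus)


def antrea_entitlement(container_cores):
    """Container Security with Antrea is licensed 1:1."""
    return container_cores


def bare_metal_entitlement(bare_metal_cores):
    # Assumption (not stated in the KB): a partial block of 4 cores is rounded up.
    return math.ceil(bare_metal_cores / BARE_METAL_CORES_PER_ENTITLED_CORE)


def dpu_entitlement(dpu_count):
    return ENTITLED_CORES_PER_DPU * dpu_count


def desktop_entitlement(concurrent_users):
    # Assumption (not stated in the KB): a fractional core is rounded up.
    return math.ceil(concurrent_users / DESKTOP_USERS_PER_ENTITLED_CORE)


def total_entitlement(dfw_hosts=(), edge_vcpus=(), container_cores=0,
                      bare_metal_cores=0, dpus=0, desktop_users=0):
    """Breakdown per deployment type plus the total vDefend Firewall cores to purchase."""
    breakdown = {
        "distributed_firewall": distributed_firewall_entitlement(dfw_hosts),
        "gateway_firewall": gateway_firewall_entitlement(edge_vcpus),
        "container_antrea": antrea_entitlement(container_cores),
        "bare_metal": bare_metal_entitlement(bare_metal_cores),
        "dpu": dpu_entitlement(dpus),
        "desktop": desktop_entitlement(desktop_users),
    }
    breakdown["total"] = sum(breakdown.values())
    return breakdown


if __name__ == "__main__":
    # The KB's own Host A / Host B example: (2 x 8) + (2 x 24) -> 32 + 48 = 80 cores.
    # The Edge vCPU sizes and DPU count are constructed inputs, not figures from the KB.
    report = total_entitlement(
        dfw_hosts=[(2, 8), (2, 24)],
        edge_vcpus=[8, 8],  # active + standby Edge, 8 vCPU each
        dpus=2,
    )
    for kind, cores in report.items():
        print(f"{kind:>22}: {cores}")
```

The calculator only applies the ratios; whether a host or Edge is counted at all still follows the conditions listed under each "Core Count" heading, and the Security Usage Report or script in the Resolution section is the authoritative source for those inputs.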


Gateway Firewall Core Count:

For the Gateway Firewall core count, each Edge vCPU counts as one core (1 vCPU = 1 Core).

  • If Gateway Firewall is enabled on a T0/T1 and at least one non-default stateful policy exists, the Edges hosting that T0/T1 (including the standby Edge) have their vCPUs included in the core count.
  • If Gateway TLS Inspection is enabled on a T0/T1, the Edges hosting that T0/T1 (including the standby Edge) have their vCPUs included in the core count.

 

VMware vDefend Firewall with Advanced Threat Prevention (ATP) Core Counting:

Distributed Firewall Core Count: see the section above.

Gateway Firewall Core Count: see the section above.

Distributed ATP Core Count:

  • If the DFW Global setting is enabled and Distributed IDS/IPS is activated on the cluster, all host cores within that cluster are included in the core count.
  • If a Distributed Malware Detection and Prevention Service Deployment exists for a cluster, all host cores within that cluster are included in the core count. 


Gateway ATP Core Count:

For the Gateway ATP core count, each Edge vCPU counts as one core (1 vCPU = 1 Core).

  • If Gateway IDS/IPS and/or Gateway Malware Detection is enabled on a T0/T1, the Edges hosting that T0/T1 (including the standby Edge) have their vCPUs included in the core count.

 

For the latest details, refer to the current VMware vDefend Firewall - Specific Program Documentation (SPD): <https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/LegalNotices/VMware-vDefend-Firewall-SPD/24284>

Environment

NSX 4.1.x, NSX 4.2.x

Resolution

Use the Security Usage Report or the Python script, as described below, to determine the current usage in the environment.

 

For environments using VMware NSX 4.2.1 and above:

    • The Security Usage Report is available as a CSV file with details on the security features currently in use and the associated licensed core counts for vDefend Firewall and vDefend Advanced Threat Prevention. To generate it, call the NSX API `GET /api/v1/licenses/security-usage?format=csv`.
    • Documentation Reference Links:
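As an added example (not from this KB and not the attached Broadcom script), the Python below pulls the Security Usage Report through the API call named above and parses the CSV. The `GET /api/v1/licenses/security-usage?format=csv` path is the one the KB documents; HTTP Basic authentication, the `nsx-ca.pem` CA bundle, the output file name and the column names in the constructed sample CSV are assumptions, since the KB does not document the report's schema. Certificate verification is left on so that a spoofed NSX Manager cannot harvest the Enterprise Admin credentials.

```python
"""Added example: fetch and parse the NSX Security Usage Report (not Broadcom code)."""
import base64
import csv
import getpass
import io
import ssl
import urllib.request

# API path documented in this KB for NSX 4.2.1 and later.
SECURITY_USAGE_PATH = "/api/v1/licenses/security-usage?format=csv"


def build_security_usage_request(manager, username, password):
    """GET request for the CSV report, authenticated with HTTP Basic auth (an NSX Enterprise Admin account)."""
    credentials = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    request = urllib.request.Request(f"https://{manager}{SECURITY_USAGE_PATH}", method="GET")
    request.add_header("Authorization", f"Basic {credentials}")
    return request


def fetch_security_usage(manager, username, password, ca_bundle, timeout=60):
    """Download the report; ca_bundle is the PEM chain that issued the NSX Manager certificate.
    Verification is deliberately not disabled (no equivalent of curl -k)."""
    context = ssl.create_default_context(cafile=ca_bundle)
    request = build_security_usage_request(manager, username, password)
    with urllib.request.urlopen(request, context=context, timeout=timeout) as response:
        return response.read().decode("utf-8")


def parse_security_usage(csv_text):
    """Rows keyed by the report's header line; column names come from the report itself."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def sum_numeric_column(rows, column):
    """Add up one column, treating blank or non-numeric cells as zero."""
    total = 0
    for row in rows:
        value = (row.get(column) or "").strip()
        if value.lstrip("-").isdigit():
            total += int(value)
    return total


# Constructed sample with hypothetical column names, only to exercise the parser offline.
SAMPLE_CSV = (
    "feature,scope,cores\n"
    "Distributed Firewall,cluster-01,80\n"
    "Gateway Firewall,t0-edge-cluster,16\n"
    "Distributed IDS/IPS,cluster-01,\n"
)


if __name__ == "__main__":
    manager = input("NSX Manager IP/FQDN: ")
    username = input("NSX username: ")
    password = getpass.getpass("NSX password: ")  # prompt, never a command-line argument
    csv_text = fetch_security_usage(manager, username, password, ca_bundle="nsx-ca.pem")
    with open("security-usage.csv", "w", encoding="utf-8") as fh:
        fh.write(csv_text)
    rows = parse_security_usage(csv_text)
    print(f"{len(rows)} rows written to security-usage.csv")
```

Export the NSX Manager's CA chain to `nsx-ca.pem` before running; if the manager still uses its self-signed certificate, pin that certificate in the bundle rather than turning verification off.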

 

For environments using VMware NSX 4.1.x and above:

    • Broadcom has developed a Python script that collects and consolidates information on the number of licensed cores in use.
    • License Counting Python Script
      • Pre-Requisites
        • Python 3.13 or greater installed
        • Download and extract the zip file attached to this KB - ANS-Product-License-Usage-And-Telemetry-a8a4187.zip
        • Credentials for NSX Manager user with NSX Enterprise Admin role
        • Credentials for associated vCenters
      • Usage Instructions
        • Setup to run the python scripts:
          • Download and install Python 3.13 or greater: https://www.python.org/downloads/
          • Unzip the downloaded zip. Go to that folder.
          • Create a virtual environment: https://docs.python.org/3/library/venv.html
            • Windows & Linux/Mac: `python3 -m venv venv`
            • Verify that a folder named `venv` has been created in the folder
            • Linux/Mac: give `venv/bin/activate` execute permission: `chmod 700 venv/bin/activate`
          • Activate Python virtual environment
            • Windows: `venv\Scripts\activate`
            • Linux/Mac: `source venv/bin/activate`
          • Install application dependencies: `pip3 install -r requirements.txt`
        • Run the python script
          • To run with suppressed warnings: `python3 -W ignore vDefendUsage.py`
          • To run with unsuppressed warnings: `python3 vDefendUsage.py`
          • The script will ask for the VMware NSX Manager IP/FQDN, NSX Manager credentials, and associated vCenter credentials.
          • Script will output a 'vDefend-usage-<epoch_time>.csv' file
          • Once you are done, deactivate the Python virtual environment
            • Windows: 'deactivate'
            • Linux/Mac: 'deactivate'
      • Additional Considerations and Limitations
            • This version of the license counting script does not factor the following features into the core calculations.
              • 1) vDefend security use on DPU cores – if the deployment is using distributed firewall on DPU-enabled hosts, please calculate manually and add to resulting output.
                • Step 1: Identify list of DPU-enabled NSX transport nodes with DFW enabled
                • Step 2: Calculate raw DPU cores by counting the DPU cores for each NSX transport node that has DFW enabled
                • Step 3: Multiply DPU core count by 4 to determine vDefend license count
              • 2) Container Security with Antrea – if the deployment is using container security where the hosts are not prepped for NSX, please calculate manually and add to resulting output.

Additional Information

  • Disclaimer: Broadcom reserves the right to periodically update licensing enablement tools, which are provided for informational purposes only. Although great care has been taken to ensure the accuracy of the licensing enablement tools, Broadcom does not accept any legal responsibility for any actions taken based on the information contained herein and Broadcom makes no representations or warranties of any kind.

Attachments

ANS-Product-License-Usage-And-Telemetry-a8a4187.zip