Determining the Required Subscription Capacity for VMware vDefend Firewall and VMware vDefend Firewall with Advanced Threat Prevention

• When deploying VMware Firewall as a Distributed Firewall, Customer must purchase one (1) Core of VMware Firewall to deploy one (1) Core of Distributed Firewall.
• When deploying VMware Firewall as a Gateway Firewall, Customer must purchase four (4) Cores of VMware Firewall to deploy one (1) Core of Gateway Firewall.
• When deploying VMware Firewall for Container Security with Antrea, Customer must purchase one (1) Core of VMware Firewall to deploy one (1) Core of Container Security with Antrea.
• When deploying VMware Firewall as an agent for Bare Metal workloads, Customer must purchase one (1) Core of VMware Firewall for every four (4) Cores of Bare Metal.
• When deploying VMware Firewall on a DPU, in addition to the entitlement required to deploy as a Distributed Firewall or Gateway Firewall, the Customer must purchase four (4) Cores of VMware Firewall to secure one (1) DPU.
• When deploying VMware Firewall to monitor of Desktop environments as outlined by VMware Firewall for Desktop, Customer may deploy 2.5 Concurrent Users for every (1) Core of VMware Firewall Customer purchases.

For latest details, please refer to the latest VMware vDefend Firewall - Specific Program Documentation (SPD). <https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/LegalNotices/VMware-vDefend-Firewall-SPD/24284>

NSX 4.1.x, NSX 4.2.x

The purpose of this KB is to assist users in determining how many licensed cores are in use for vDefend Firewall and vDefend Firewall with Advanced Threat Prevention.

• For environments using VMware NSX 4.2.1 and above:
  • Security Usage Report is available as a CSV File, with details on current security features in use and associated license core counts for vDefend Firewall and vDefend Advanced Threat Prevention. To generate a Security Usage Report, use the NSX API to collect security usage data using "GET /licenses/security-usage?format=csv".
  • Documentation Reference Links:
    • (1) Documentation: https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/vdefend/vdefend-firewall/4-2/security-administration-guide/security/security-monitoring/generate-a-security-usage-report.html
    • (2) API Guide: https://developer.broadcom.com/xapis/nsx-t-data-center-rest-api/latest/

• For environments using VMware 4.1.x and above:
  • Broadcom has developed a Python script that collects and consolidates information on the quantity of core licenses.
  • License Counting Python Script
    • Pre-Requisites
      • Python 3.13 or greater installed
      • Download and extract the attached script
      • Use NSX Enterprise Admin user role
    • Usage Instructions
      • Setup to run the python scripts:
        • Download and install Python 3.1.3 or greater: https://www.python.org/downloads/
        • Unzip the downloaded zip. Go to that folder.
        • Create a virtual environment: https://docs.python.org/3/library/venv.html
          • Windows & Linux/Mac: `python3 -m venv venv`
          • Verify that a folder named `venv` has been created in the folder
          • Change and provide execution permissions to venv/bin/activate : chmod 700 env/bin/activate
        • Activate Python virtual environment
          • Windows: `venv/Scripts/activate`
          • Mac: `venv/bin/activate`
        • Install application dependencies: `pip3 install -r requirements.txt`
      • Run the python script
        • To run with suppressed warnings
          • - python3 -W ignore securityLicenseUsage.py
        • To run with unsuppressed warnings
          • - python3 securityLicenseUsage.py
        • The script will ask for the VMware NSX Manager IP/FQDN, NSX Manager credentials, and associated vCenter credentials.
        • Script will output a 'VmWarevDefendUsageDetails.csv' file

• • •  
    •  
      • Additional Considerations and Limitations
        • • This version of the license counting script does not factor the following features into the core calculations.
            • 1) vDefend security use on DPU cores – if the deployment is using distributed firewall on DPU-enabled hosts, please calculate manually and add to resulting output.
              • Step 1: Identify list of DPU-enabled NSX transport nodes with DFW enabled
              • Step 2: Calculate raw DPU cores by counting the DPU cores for each NSX transport node that has DFW enabled
              • Step 3: Multiply DPU core count by 4 to determine vDefend license count
            • 2) Container Security with Antrea – if the deployment is using container security where the hosts are not prepped for NSX, please calculate manually and add to resulting output.

• Disclaimer: Broadcom reserves the right to periodically update licensing enablement tools, which are provided for informational purposes only. Although great care has been taken to ensure the accuracy of the licensing enablement tools, Broadcom does not accept any legal responsibility for any actions taken based on the information contained herein and Broadcom makes no representations or warranties of any kind.

Related Resources

• VMware vDefend Firewall Solution License Key: https://knowledge.broadcom.com/external/article/381444/vmware-vdefend-firewall-solution-license.html
• Feature and Edition Guide: https://techdocs.broadcom.com/us/en/vmware-cis/nsx/vmware-nsx/4-2/feature-and-edition-guide/current-nsx-feature-entitlement.html
• VMware vDefend Firewall – Specific Program Documentation (SPD): https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/LegalNotices/VMware-vDefend-Firewall-SPD/24284
• Counting Cores for VMware Cloud Foundation:
  https://knowledge.broadcom.com/external/article/313548/counting-cores-for-vmware-cloud-foundati.html