Product offerings for NSX-T 3.2 Security
Article ID: 336803
Updated On:
Products
VMware NSX
VMware vDefend Firewall
Issue/Introduction
This article provides information on licensing editions of VMware NSX for Security specific deployments and the list of features associated with different licensing editions.
NSX Distributed Firewall Editions:
NSX offers Security capabilities for Zero-Trust scenarios leveraging "Distributed Firewall" product line. Different editions focused on delivering micro-segmentation for east-west traffic leveraging Distributed Firewalls are as listed below:
- NSX Distributed Firewall for Baremetal Hosts: For organizations needing an agent-based network segmentation solution for bare-metal workloads.
- NSX Distributed Firewall Edition: For organizations needing implement access controls for east-west traffic within the network (micro-segmentation) but not focused on threat detection and prevention services.
- NSX Distributed Firewall with Threat Prevention Edition: For organizations needing access control and select threat prevention features for east-west traffic within the network.
- NSX Distributed Firewall with Advanced Threat Prevention Edition: For organizations needing Firewall, and all advanced threat prevention features for east-west traffic within the network.
VMware NSX Gateway Firewall Editions:
NSX offers security capabilities for zone-segmentation and public cloud internet gateway scenarios leveraging "Gateway Firewall" product line. The various "Gateway Firewall" editions are listed below:
- Gateway Firewall: For organizations needing to implement firewalling capabilities for zone segmentation; but not focused on threat detection and prevention services.
- Gateway Firewall with Threat Prevention Edition: For organizations needing to implement firewalling capabilities for zone segmentation along with select threat detection and prevention services offered in the Gateway form factor.
- Gateway Firewall with Advanced Threat Prevention Edition: For organizations needing to implement firewalling capabilities for zone segmentation along with all advanced threat detection and prevention services offered in the Gateway form factor.
The Gateway Firewall product can be deployed either as a Virtual Machine (VM) or as an ISO image on physical servers depending upon the license procured. The Gateway Firewall Editions listed above are applicable for both the VM and ISO based deployments.
NSX Network Detection and Response (NDR):
NSX NDR product offers advanced threat identification and response capabilities for Security Operations Center (SoC) deployment. At this time, we offer on-premises deployment for this solution
- NSX Network Detection and Response (NDR) for on-premises: For SoC teams needing implement NDR solution to identify advanced attacks on the network.
NSX NDR solution does not provide entitlements for NSX Distributed or Gateway Firewall capabilities. It is a stand-alone offer focused on SoC deployments.
Customers interested in deploying Network Virtualization capabilities of NSX should refer to Product offerings for VMware NSX-T Data Center 3.2.x. Customers who have already purchased NSX Data Center (NSX-T) Advanced and Enterprise+ editions can procure NSX Firewall Threat Prevention or NSX Firewall Advanced Threat Prevention add-on licenses
Environment
VMware NSX-T Data Center 3.x
VMware NSX-T Data Center
VMware NSX-T Data Center
Resolution
The following table outlines specific functions available by edition. NSX Security is available as a single download image with license keys required to enable specific functionality.
Distributed Security
NSX-T Distributed Firewall Packages |
NSX-T Gateway Firewall Packages |
||||||
|
Distributed Security Features |
NSX Distributed Firewall | NSX Distributed Firewall With Threat Prevention | NSX Distributed Firewall With Advanced Threat Prevention | Firewall (Agent) For Baremetal Servers | NSX Gateway Firewall | NSX Gateway Firewall with Threat Prevention | NSX Gateway Firewall with Advanced Threat Prevention |
|---|---|---|---|---|---|---|---|
| Distributed Firewall for NSX Switchports | Yes | Yes | Yes | Yes | No | No | No |
| Distributed Firewall for VDS Switchports | Yes | Yes | Yes | No | No | No | No |
| Stateful L2 and L3 Rules | Yes | Yes | Yes | Yes | No | No | No |
| Stateless L2 and L3 Rules | Yes | Yes | Yes | Yes | No | No | No |
| Distributed FQDN Filtering | Yes | Yes | Yes | No | No | No | No |
| Basic L7 Application Identification Rules | Yes | Yes | Yes | No | No | No | No |
| Advanced L7 Application Identification Rules | Yes | Yes | Yes | No | No | No | No |
| Distributed Flood Protection | Yes | Yes | Yes | No | No | No | No |
| Agent-Based enforcement for Physical Servers | Yes | Yes | Yes | Yes | No | No | No |
| User Identity Firewall | |||||||
| Distributed Identity Firewall using Guest Introspection | Yes | Yes | Yes | No | No | No | No |
| Distributed Identity Firewall using Active Directory Event Server | Yes | Yes | Yes | No | No | No | No |
| Distributed Identity Firewall using third-party log sources | No | No | No | No | No | No | No |
| NSX Distributed Threat Prevention7 | |||||||
| Distributed Intrusion Detection Service (IDS) | No | Yes | Yes | No | No | No | No |
| Distributed Behavioral IDS | No | Yes | Yes | No | No | No | No |
| Distributed Intrusion Prevention Service (IPS) | No | Yes | Yes | No | No | No | No |
| NSX Distributed Advanced Threat Prevention9 | |||||||
| Distributed Malware Detection and Prevention | No | No | Yes | No | No | No | No |
| Cloud Sandboxing and Artifact Analysis10, 13 | No | No | Yes | No | No | No | No |
| Distributed IDS Event Forwarding to NDR | No | Yes | Yes | No | No | No | No |
| Distributed Service Insertion Integrations | |||||||
| Distributed Endpoint Protection | No | No | No | No | No | No | No |
| Distributed Network Introspection | No | No | No | No | No | No | No |
| Policy, Tagging and Grouping | |||||||
| Object Tagging / Security Tags | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Network Centric Grouping | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Workload Centric Grouping | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| IP Based Groups | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| MAC Based Groups | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Tag Based Rules | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Firewall Operations | |||||||
| Firewall Logging | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Distributed Firewall based IPFIX | Yes | Yes | Yes | Yes | No | No | No |
| Rule Hit Count, Popularity Index, Flow Statistics | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Firewall Drafts | Yes | Yes | Yes | No | No | No | No |
Gateway Firewall Features
NSX-T Distributed Firewall Packages |
NSX-T Gateway Firewall Packages |
||||||
|
Gateway Security Features |
NSX Distributed Firewall | NSX Distributed Firewall With Threat Prevention | NSX Distributed Firewall With Advanced Threat Prevention | Firewall (Agent) For Baremetal Servers | NSX Gateway Firewall | NSX Gateway Firewall with Threat Prevention | NSX Gateway Firewall with Advanced Threat Prevention |
|---|---|---|---|---|---|---|---|
| Stateful L3 Rules | No | No | No | No | Yes | Yes | Yes |
| Stateless L3 Rules | No | No | No | No | Yes | Yes | Yes |
| Basic L7 Application Identification Rules | No | No | No | No | Yes | Yes | Yes |
| Advanced L7 Application Identification Rules | No | No | No | No | Yes | Yes | Yes |
| URL Filtering | No | No | No | No | Yes | Yes | Yes |
| Gateway Flood Protection | No | No | No | No | Yes | Yes | Yes |
| Identity Firewall | |||||||
| Gateway Identity Firewall using Active Directory Event Server | No | No | No | No | Yes | Yes | Yes |
| Gateway Identity Firewall using third-party log sources | No | No | No | No | Yes | Yes | Yes |
| NSX Gateway Advanced Threat Prevention7 | |||||||
| Malware Detection | No | No | No | No | No | No | Yes |
| Cloud Sandboxing and Artifact Analysis10 | No | No | No | No | No | No | Yes |
| NAT | |||||||
| NAT on North/South and East/West Logical Routers | No | No | No | No | Yes | Yes | Yes |
| Source NAT | No | No | No | No | Yes | Yes | Yes |
| Destination NAT | No | No | No | No | Yes | Yes | Yes |
| NAT N:N | No | No | No | No | Yes | Yes | Yes |
| Stateless NAT | No | No | No | No | Yes | Yes | Yes |
| NAT Logging | No | No | No | No | Yes | Yes | Yes |
| NAT64 | No | No | No | No | Yes | Yes | Yes |
| Active/Active NAT Services | No | No | No | No | Yes | Yes | Yes |
| VPN | |||||||
| L2 VPN | No | No | No | No | Yes | Yes | Yes |
| Active / Standby L3 VPN | No | No | No | No | Yes | Yes | Yes |
| Gateway Service Insertion Integrations | |||||||
| Gateway Network Introspection | No | No | No | No | Yes | Yes | Yes |
| Gateway Firewall High Availability14 | |||||||
| Active/Standby Gateway Firewall Services | No | No | No | No | Yes | Yes | Yes |
| Policy, Tagging and Grouping | |||||||
| Object Tagging / Security Tags | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Network Centric Grouping | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Workload Centric Grouping | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| IP Based Groups | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Tag-Based Rules | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Per-Gateway and Multi-Gateway Policy Management | No | No | No | No | Yes | Yes | Yes |
| Firewall Operations | |||||||
| Firewall Logging | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Rule Hit Count, Popularity Index, Flow Statistics | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Firewall Drafts | No | No | No | No | Yes | Yes | Yes |
Networking
NSX-T Distributed Firewall Packages |
NSX-T Gateway Firewall Packages |
||||||
|
Feature |
NSX Distributed Firewall | NSX Distributed Firewall With Threat Prevention | NSX Distributed Firewall With Advanced Threat Prevention | Firewall (Agent) For Baremetal Servers | NSX Gateway Firewall | NSX Gateway Firewall with Threat Prevention | NSX Gateway Firewall with Advanced Threat Prevention |
|---|---|---|---|---|---|---|---|
| vSphere Distributed Switch¹⁰ | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| VLAN Backed Logical Switching | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Overlay Backed Logical Switching | No | No | No | No | Yes | Yes | Yes |
| Multiple TEP Support | No | No | No | No | Yes | Yes | Yes |
| Optimized ARP Learning and Broadcast Suppression | No | No | No | No | No | No | No |
| GENEVE Encapsulation | No | No | No | No | Yes | Yes | Yes |
| Unicast Replication | No | No | No | No | No | No | No |
| Headend Replication | No | No | No | No | No | No | No |
| Spoofguard | Yes | Yes | Yes | Yes | No | No | No |
| LACP (Edge and Host) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| L2 Multicast | No | No | No | No | Yes | Yes | Yes |
| L3 Multicast | No | No | No | No | Yes | Yes | Yes |
| Quality of Service (QoS) | |||||||
| QoS Marking | No | No | No | No | No | No | No |
| QoS DSCP Trust Boundary | No | No | No | No | No | No | No |
| L2 Bridging to Physical Environment | |||||||
| Software Based L2 Bridge to Physical Environments | No | No | No | No | Yes | Yes | Yes |
| Routing | |||||||
| Distributed Routing | No | No | No | No | No | No | No |
| Multi-Tier Routing | No | No | No | No | Yes | Yes | Yes |
| Dynamic Routing with ECMP | No | No | No | No | Yes | Yes | Yes |
| Active / Standby Redundancy for Routing | No | No | No | No | Yes | Yes | Yes |
| Active / Active Redundancy for Routing | No | No | No | No | Yes | Yes | Yes |
| Virtual Routing and Forwarding (Tier-0 Gateway VRFs) | No | No | No | No | Yes | Yes | Yes |
| EVPN | No | No | No | No | Yes | Yes | Yes |
| OSPF v2 | No | No | No | No | Yes | Yes | Yes |
| Static Routing - IPv4 | |||||||
| Static Routing | No | No | No | No | Yes | Yes | Yes |
| BFD | No | No | No | No | Yes | Yes | Yes |
| Null Routes | No | No | No | No | Yes | Yes | Yes |
| Device Routes | No | No | No | No | Yes | Yes | Yes |
| Static Routing - IPv6 | |||||||
| Static Routing | No | No | No | No | Yes | Yes | Yes |
| Null Routes | No | No | No | No | Yes | Yes | Yes |
| Device Routes | No | No | No | No | Yes | Yes | Yes |
| BGP - IPv4 Unicast | |||||||
| eBGP | No | No | No | No | Yes | Yes | Yes |
| eBGP Multihop | No | No | No | No | Yes | Yes | Yes |
| iBGP | No | No | No | No | Yes | Yes | Yes |
| Graceful Restart | No | No | No | No | Yes | Yes | Yes |
| BFD | No | No | No | No | Yes | Yes | Yes |
| 4-byte ASN | No | No | No | No | Yes | Yes | Yes |
| BGP - IPv6 Unicast | |||||||
| eBGP | No | No | No | No | Yes | Yes | Yes |
| eBGP Multihop | No | No | No | No | Yes | Yes | Yes |
| iBGP | No | No | No | No | Yes | Yes | Yes |
| Graceful Restart | No | No | No | No | Yes | Yes | Yes |
| 4-byte ASN | No | No | No | No | Yes | Yes | Yes |
| BFD - IPv4 | |||||||
| Sub-Second Keepalive Timer | No | No | No | No | Yes | Yes | Yes |
| Route Maps | |||||||
| Match on Prefix-List and Community-List | No | No | No | No | Yes | Yes | Yes |
| Set Weight, MED, AS Path, Prepending, Local Preference, and Community | No | No | No | No | Yes | Yes | Yes |
| Other | |||||||
| High Availability Virtual IP (HA VIP) | No | No | No | No | Yes | Yes | Yes |
| Route Redistribution | No | No | No | No | Yes | Yes | Yes |
| IP Prefix-Lists | No | No | No | No | Yes | Yes | Yes |
| Per Interface RPF Check | No | No | No | No | Yes | Yes | Yes |
| DNS, DHCP and IPAM (DDI) | |||||||
| IPAM | No | No | No | No | Yes | Yes | Yes |
| IP Blocks | No | No | No | No | Yes | Yes | Yes |
| IP Subnets | No | No | No | No | Yes | Yes | Yes |
| IP Pools | No | No | No | No | Yes | Yes | Yes |
| IPv4 DHCP Server | No | No | No | No | Yes | Yes | Yes |
| IPv6 DHCP Server | No | No | No | No | Yes | Yes | Yes |
| IPv4 DHCP Relay | No | No | No | No | Yes | Yes | Yes |
| IPv6 DHCP Relay | No | No | No | No | Yes | Yes | Yes |
| IPv4 DHCP Static Bindings / Fixed Addresses | No | No | No | No | Yes | Yes | Yes |
| IPv6 DHCP Static Bindings / Fixed Addresses | No | No | No | No | Yes | Yes | Yes |
| IPv4 DNS Relay / DNS Proxy | No | No | No | No | Yes | Yes | Yes |
| IPv4 Meta-Data Proxy | No | No | No | No | No | No | No |
NSX Intelligence
NSX-T Distributed Firewall Packages |
NSX-T Gateway Firewall Packages |
||||||
|
Feature |
NSX Distributed Firewall | NSX Distributed Firewall With Threat Prevention | NSX Distributed Firewall With Advanced Threat Prevention | Firewall (Agent) For Baremetal Servers | NSX Gateway Firewall | NSX Gateway Firewall with Threat Prevention | NSX Gateway Firewall with Advanced Threat Prevention |
|---|---|---|---|---|---|---|---|
| Layer 4 VM-to-VM Traffic Flow Analysis | Yes | Yes | Yes | No | No | No | No |
| Layer 4 Firewall Visibility | Yes | Yes | Yes | No | No | No | No |
| Layer 4 Automated Security Policy | Yes | Yes | Yes | No | No | No | No |
| Layer 4 Rule and Group Recommendation Analytics | Yes | Yes | Yes | No | No | No | No |
| Network Traffic Analytics | No | No | Yes | No | No | No | No |
| Network Detection and Response12 | No | No | Yes | No | No | No | No |
Load Balancing8
NSX-T Distributed Firewall Packages |
NSX-T Gateway Firewall Packages |
||||||
|
Feature |
NSX Distributed Firewall | NSX Distributed Firewall With Threat Prevention | NSX Distributed Firewall With Advanced Threat Prevention | Firewall (Agent) For Baremetal Servers | NSX Gateway Firewall | NSX Gateway Firewall with Threat Prevention | NSX Gateway Firewall with Advanced Threat Prevention |
|---|---|---|---|---|---|---|---|
| Protocols | |||||||
| TCP (L4-L7) | No | No | No | No | No | No | No |
| UDP | No | No | No | No | No | No | No |
| HTTP | No | No | No | No | No | No | No |
| Load Balancing Methods | |||||||
| Round Robin | No | No | No | No | No | No | No |
| Source IP Hash | No | No | No | No | No | No | No |
| Least Connections | No | No | No | No | No | No | No |
| L7 Application Rules with RegEx Support | No | No | No | No | No | No | No |
| Health Checks | |||||||
| TCP | No | No | No | No | No | No | No |
| ICMP | No | No | No | No | No | No | No |
| UDP | No | No | No | No | No | No | No |
| HTTP | No | No | No | No | No | No | No |
| HTTPS | No | No | No | No | No | No | No |
| Monitoring | |||||||
| View VIP / Pool / Server Objects | No | No | No | No | No | No | No |
| View VIP / Pool / Server Statistics | No | No | No | No | No | No | No |
| View Global Statistics VIP Sessions | No | No | No | No | No | No | No |
| Load Balancing Automation | |||||||
| Pool Members Based on vCenter Context or IP Addresses | No | No | No | No | No | No | No |
| Other | |||||||
| Connection Throttling | No | No | No | No | No | No | No |
| High-Availability | No | No | No | No | No | No | No |
NSX Cloud for AWS and Azure
NSX-T Distributed Firewall Packages |
NSX-T Gateway Firewall Packages |
||||||
|
Feature |
NSX Distributed Firewall | NSX Distributed Firewall With Threat Prevention | NSX Distributed Firewall With Advanced Threat Prevention | Firewall (Agent) For Baremetal Servers | NSX Gateway Firewall | NSX Gateway Firewall with Threat Prevention | NSX Gateway Firewall with Advanced Threat Prevention |
|---|---|---|---|---|---|---|---|
| NSX on-prem license portability for Public Cloud workloads | Yes | Yes | Yes | No | Yes | No | Yes |
| NSX Enforced Mode (Agent-Based Cloud Security) | Yes | Yes | Yes | No | No | No | No |
| Cloud Enforced Mode (Agentless Based Cloud Security) | Yes | Yes | Yes | No | No | No | No |
| Stateful L2 and L3 Rules | Yes | Yes | Yes | No | No | No | No |
| Stateless L2 and L3 Rules | Yes | Yes | Yes | No | No | No | No |
| Distributed Identity Firewall using Active Directory Event Server | Yes | Yes | Yes | No | No | No | No |
| L7 Security Features (Basic L7 Application Identification Rules) | Yes | Yes | Yes | No | No | No | No |
| Advanced Security capabilities in Public Cloud Gateway (L7 firewall / URL Filtering) | No | No | No | No | Yes | Yes | Yes |
| VPN (on-prem to public cloud; public cloud - public cloud; intra public cloud) | No | No | No | No | Yes | Yes | Yes |
| Support for AWS Gov Cloud and Azure Government Cloud workloads | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
Modern Apps
NSX-T Distributed Firewall Packages |
NSX-T Gateway Firewall Packages |
||||||
|
Feature |
NSX Distributed Firewall | NSX Distributed Firewall With Threat Prevention | NSX Distributed Firewall With Advanced Threat Prevention | Firewall (Agent) For Baremetal Servers | NSX Gateway Firewall | NSX Gateway Firewall with Threat Prevention | NSX Gateway Firewall with Advanced Threat Prevention |
|---|---|---|---|---|---|---|---|
|
Container Networking and Security |
No | No | No | No | No | No | No |
| VMware Container Networking with Project Antrea Enterprise | No | No | No | No | No | No | No |
Automation
NSX-T Distributed Firewall Packages |
NSX-T Gateway Firewall Packages |
||||||
|
Feature |
NSX Distributed Firewall | NSX Distributed Firewall With Threat Prevention | NSX Distributed Firewall With Advanced Threat Prevention | Firewall (Agent) For Baremetal Servers | NSX Gateway Firewall | NSX Gateway Firewall with Threat Prevention | NSX Gateway Firewall with Advanced Threat Prevention |
|---|---|---|---|---|---|---|---|
| API Driven Automation | |||||||
| REST API | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Hierarchical Policy API | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| JSON Support | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| OpenAPI / Swagger Spec | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Java SDK | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Python SDK | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Auto-generated API Documentation | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Terraform Provider6 | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Ansible Modules6 | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Integration with Cloud Management Platforms | |||||||
| Integration with vRealize Automation1,6 | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Integration with vCloud Director1,6 | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Integration with VMware Integrated OpenStack1,6 | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Integration with other OpenStack Platform3, 6 | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
Platform
NSX-T Distributed Firewall Packages |
NSX-T Gateway Firewall Packages |
||||||
|
Feature |
NSX Distributed Firewall | NSX Distributed Firewall With Threat Prevention | NSX Distributed Firewall With Advanced Threat Prevention | Firewall (Agent) For Baremetal Servers | NSX Gateway Firewall | NSX Gateway Firewall with Threat Prevention | NSX Gateway Firewall with Advanced Threat Prevention |
|---|---|---|---|---|---|---|---|
| Platform Features | |||||||
| ESXi Support1 | Yes | Yes | Yes | No | No | No | No |
| KVM Support2 | Yes | Yes | Yes | No | No | No | No |
| Controller Clustering | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| vCenter Integration1 | Yes | Yes | Yes | No | Yes | Yes | Yes |
| Multi-vCenter® Networking and Security | Yes | Yes | Yes | No | Yes | Yes | Yes |
| Federation | No | No | No | No | No | No | No |
| Edge Platform Features | |||||||
| Edge in VM Form Factor | No | No | No | No | Yes | Yes | Yes |
| Edge in Bare-Metal Form Factor for Routing | No | No | No | No | Yes | Yes | Yes |
| Edge in Bare-Metal Form Factor for Gateway Firewall | No | No | No | No | Yes | Yes | Yes |
| DPDK Optimized Forwarding | No | No | No | No | Yes | Yes | Yes |
| Authentication and Authorization | |||||||
| Authentication using Workspace ONE Access1, 5 |
Yes |
Yes | Yes | Yes | Yes | Yes | Yes |
| Direct Active Directory Integration via LDAP | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Authentication via OpenLDAP | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Session-Based Authentication | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Certificate-Based Authentication (Principle Identity) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Role-Based Access Control | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Log Management | |||||||
| vRealize Log Insight Integration1, 4 | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Splunk Integration2 | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Installation | |||||||
| Automated Manager Deployment |
Yes |
Yes | Yes | Yes | Yes | Yes | Yes |
| Manual Controller Deployment | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Automated Edge Deployment |
No |
No | No | No | Yes | Yes | Yes |
| Manual Edge Deployment | No | No | No | No | Yes | Yes | Yes |
| Automated Compute Host Preparation by Cluster | Yes | Yes | Yes | No | No | No | No |
| Operations | |||||||
| Port Mirroring |
Yes |
Yes | Yes | Yes | Yes | Yes | Yes |
| Traceflow | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| NSX Live Traffic Analysis | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Tunnel Health Monitoring | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Port Connectivity Tool | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Switch Based IPFIX | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| LLDP | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Automated Technical Support Bundles | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Packet Capture | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Backup and Restore | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| SNMP v1/v2/v3 with Traps | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Monitoring | |||||||
| Time-Series Metrics (Note: Name for this feature is under discussion) | No | No | No | No | No | No | Yes |
| Upgrades and Migrations | |||||||
| Upgrade Coordinator | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| NSX for vSphere to NSX-T Migration Coordinator 11 |
Yes |
Yes | Yes | Yes | Yes | Yes | Yes |
| NSX Manager to Policy Promotion |
Yes |
Yes | Yes | Yes | Yes | Yes | Yes |
Notes:
- Please refer to the VMware Product Interoperability Matrices for specific versions supported with NSX-T Data Center.
- Please refer to the NSX-T Data Center release notes for specific versions.
- Please refer to the NSX-T Data Center partner website for specific versions.
- VMware vRealize Log Insight for NSX provides intelligent log analytics for NSX Data Center. Log Insight provides monitoring and troubleshooting capabilities and customizable dashboards for network virtualization, flow analysis, and alerts. VMware vRealize Log Insight version 3.3.2 and later accepts NSX Data Center Standard/ProfessionalAdvanced/Enterprise Plus edition license keys issued for NSX-T 1.0.0 and later. This means you will have an enterprise-level Log Insight license for every license of NSX Data Center.
- VMware Workspace ONE Access - A license to use VMware NSX Data Center includes an entitlement to use the VMware Workspace ONE Access feature, but only for the following functionalities:
- Directory integration functionality of VMware Workspace ONE Access to authenticate users in a user directory such as Microsoft Active Directory or LDAP.
- Conditional access policy.
- Single-sign-on integration functionality with third party Identity providers to allow third party identity providers’ users to single-sign-on into NSX Data Center.
- Two-factor authentication solution through integration with third party systems. VMware Verify, VMware’s multi-factor authentication solution, received as part of VMware Workspace ONE Access may not be used as part of NSX Data Center.
- Single-sign-on functionality to access VMware products that support single-sign-on capabilities.
- Integration with automation tools such as vRealize Automation, vCloud Director, VMware Integrated OpenStack, and other OpenStack distributions, Ansible, and Terraform is available for all editions of NSX, however, you must have the appropriate NSX edition for the feature which is automated by these tools. For example automation of load balancing from Terraform or OpenStack requires NSX Data Center Advanced, Enterprise Plus, or ROBO.
- NSX Distributed Threat Prevention requires an additional subscription-based purchase.
- Both IPv4 and IPv6 are supported for all Load Balancing features except for IPv6-VIP-to-IPv4-member and IPv4-VIP-to-IPv6-member translations.
- Customers who have purchased the legacy NSX editions can apply their licenses to NSX-T Data Center.
- Requires VDS 7.0 or higher
- Migration Coordinator will migrate the deployment in NSX for vSphere and the features used in NSX-T. It is the responsibility of the customer to ensure the version of NSX-T allows the use of those features.
- Network Detection and Response supports event and artifact submission from Distributed Firewall only. It is a hosted service running from various VMware Regions.
- A single sensor socket entitles up to 250 artifact submissions per day with a maximum artifact size of 64MB.
- Subject to Gateway Firewall features available in that specific SKU. Please refer to NSX Security Features covered in Product offerings for NSX-T 3.2 Security
- Please refer to NSX Security Features covered in Product offerings for NSX-T 3.2 Security
Feedback
Yes
No
Powered by
