Explore Next-Gen Firewall Capabilities with NSX Gateway Firewall


NSX Gateway Firewall is a security feature of VMware NSX that provides network-level firewall capabilities for virtualized environments. It enforces security policies at the edge of the virtual network, on the Tier-0 and Tier-1 gateways, helping to protect against external threats and unauthorized access. It is integrated with the other NSX security features, such as micro-segmentation with the Distributed Firewall and Intrusion Detection and Prevention, to provide a comprehensive security solution for virtualized environments.

NSX Gateway Firewall Features

The firewall uses a stateful inspection model: it tracks the state of each network connection and decides whether to allow or block a packet based on that state, so return traffic for an allowed connection is permitted automatically and only the initiating direction needs a rule. The firewall also provides advanced features such as Layer 7 application identification, which allows granular control over the types of traffic permitted through the gateway regardless of port, and identity-based policies, which apply rules based on the user or device rather than only the source address. These capabilities allow organizations to secure their virtual networks against a wide range of threats.

Network Topology

  • Click on Networking (1) and then on Network Topology (2).
  • Apply a filter on Segment -> Name and select the segments (3) highlighted in the image.
  • Click on Apply (4).

Review Segments

  • Review the selected segments and their connectivity to the T1 Gateways.

Gateway Firewall for T1

  • Click on Security (1) and select Gateway Firewall (2) under Policy Management.
  • In Gateway Firewall, click on Gateway Specific Rules (3) and select the gateway NSXSecOps-T1-Prod | Tier-1 (4).
  • Expand the NSXSecOps-T1-Prod | Tier-1 gateway to view its rules and click on Statistics (5) to see the rule hit statistics.
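The Statistics view is most useful when it is read against the rule set as a whole: a rule with zero hits over the window is a candidate for removal, and an ANY/ANY ALLOW that does carry traffic is a policy bypass that is actually being relied on. The following Python snippet is an added example, not part of the original lab and not an NSX tool; it triages a rule-hit export using an assumed record layout (rule_id, name, action, sources, destinations, hit_count) and constructed sample values for the NSXSecOps-T1-Prod gateway, so the field names must be mapped to whatever your export or API response really contains.

```python
"""Triage gateway firewall rule-hit statistics.

Added example, not part of the original lab and not an NSX tool.
The record layout (rule_id, name, action, sources, destinations,
hit_count) is an assumption; map it to your own export or API output.
"""
from dataclasses import dataclass
from typing import List


@dataclass
class RuleStat:
    rule_id: int
    name: str
    action: str              # ALLOW, DROP or REJECT
    sources: List[str]       # "ANY" or group names
    destinations: List[str]  # "ANY" or group names
    hit_count: int           # hits in the statistics window


# Constructed sample for the NSXSecOps-T1-Prod gateway (values are made up).
SAMPLE_STATS = [
    RuleStat(1001, "Allow-Web-In", "ALLOW", ["ANY"], ["Prod-Web"], 48213),
    RuleStat(1002, "Allow-Mgmt-Jump", "ALLOW", ["Jump-Hosts"], ["Prod-App"], 0),
    RuleStat(1003, "Temp-Allow-Any", "ALLOW", ["ANY"], ["ANY"], 1577),
    RuleStat(1004, "Block-Threat-Feed", "DROP", ["Threat-Feed"], ["ANY"], 3022),
    RuleStat(1999, "Default-Deny", "DROP", ["ANY"], ["ANY"], 91),
]


def unused_rules(stats):
    """Rules that matched nothing in the window: candidates for removal."""
    return [s.name for s in stats if s.hit_count == 0]


def broad_allows_in_use(stats):
    """ALLOW rules with ANY source and ANY destination that carry traffic.

    Such a rule on a gateway is effectively a bypass of the policy; a
    non-zero hit count shows that something is actually relying on it.
    """
    return [
        s.name for s in stats
        if s.action == "ALLOW"
        and "ANY" in s.sources
        and "ANY" in s.destinations
        and s.hit_count > 0
    ]


def ends_with_default_deny(stats):
    """The last rule should be an explicit ANY/ANY DROP or REJECT."""
    if not stats:
        return False
    last = stats[-1]
    return (last.action in ("DROP", "REJECT")
            and "ANY" in last.sources
            and "ANY" in last.destinations)


def report(stats):
    """Summarize the three checks for one gateway's rule set."""
    return {
        "unused": unused_rules(stats),
        "broad_allows_in_use": broad_allows_in_use(stats),
        "default_deny_last": ends_with_default_deny(stats),
    }


if __name__ == "__main__":
    for key, value in report(SAMPLE_STATS).items():
        print(f"{key}: {value}")
```

On the constructed sample, the report flags Allow-Mgmt-Jump as unused, Temp-Allow-Any as a broad allow in use, and confirms that the rule set ends in a default deny. A zero-hit rule is only a candidate: check that the window covers the traffic pattern (a monthly batch job will show zero hits in a 14-day view) before removing it.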

Activate IDS/IPS and Malware Prevention feature

The T1 Gateways NSXSecOps-T1-Prod and NSXSecOps-T1_VDI have the IDS/IPS and Malware Prevention features activated for North-South traffic. In this demo we will observe how malware file downloads to virtual machines are detected, and how they can be prevented, in this environment. The Malware Prevention service extracts files from the inspected traffic and analyzes them, including detonation in a sandbox, a controlled environment in which a suspicious file is executed and observed for malicious behavior before a verdict is issued.

Next we confirm that the IDS/IPS and Malware Prevention features are activated on the T1 Gateways for North-South traffic.

  • Click on Security (1) and select IDS/IPS & Malware Prevention (2) under Policy Management.
  • Click on Settings (3) and scroll to the end to see the available settings.

List Active Gateways

The T1 Gateways NSXSecOps-T1-Prod and NSXSecOps-T1_VDI are listed as activated for IDS/IPS and Malware Prevention on North-South traffic.

Gateway Specific Rules for Malware Detection & Prevention

Activating the features on a T1 Gateway does not by itself inspect any traffic: gateway-specific rules must be configured with security profiles for Malware Detection & Prevention to select the traffic that is inspected.

  • Click on Gateway Rules (1) and select Gateway Specific Rules (2).
  • Click on the drop-down and select the gateway NSXSecOps-T1_VDI (3).
  • A policy has been added for the gateway with the Default Malware Profile. For demo purposes the mode is configured as Detect Only, so malicious downloads are logged but still delivered to the client. Change the mode to Detect & Prevent to block the malware traffic.

Malware Prevention Alerts

To review the Malware Prevention alerts raised by the NSX Gateway Firewall:

  • Click on Security (1).
  • Navigate to Malware Prevention (2) under the Threat Detection & Response section.
  • Change the timeline to Last 14 days (3).
  • Expand the malware with the crytodef malware family and click on Total Inspections (4) to see the detections on the Gateway Firewall.

Malicious events

Malicious events are captured by the Gateway Firewall. At this point we can see the event verdict, the source server and the destination client to which the malware was downloaded. Click on Close (1) after reviewing the events.
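Because the demo rule runs in Detect Only mode, every MALICIOUS verdict in this view is a file that reached its destination client, so the event list doubles as a host-investigation list. The following Python snippet is an added example, not part of the original lab and not an NSX tool; it triages a constructed export of malware prevention events with assumed field names (gateway, mode, verdict, file_sha256, src_ip, dst_ip, file_name) and separates downloads that were merely logged from those that a Detect & Prevent rule blocked. The sample events, addresses and hashes are constructed, not captured from a live system.

```python
"""Triage Malware Prevention events exported from NSX gateways.

Added example, not part of the original lab and not an NSX tool.
The event fields (gateway, mode, verdict, file_sha256, src_ip, dst_ip,
file_name) are assumptions about the export format; adjust them to the
real schema. The events below are constructed, not from a live system.
"""
import json
from collections import Counter

# Constructed sample: the VDI gateway rule is Detect Only, the Prod rule
# is Detect & Prevent. Hashes and addresses are made up (RFC 5737 ranges).
SAMPLE_EVENTS_JSON = """
[
 {"gateway": "NSXSecOps-T1_VDI", "mode": "DETECT_ONLY", "verdict": "MALICIOUS",
  "file_sha256": "3f786850e387550fdab836ed7e6dc881de23001b2a8d6ed7d33d3b8c9dd0a3d1",
  "src_ip": "203.0.113.10", "dst_ip": "10.20.30.11", "file_name": "invoice.exe"},
 {"gateway": "NSXSecOps-T1_VDI", "mode": "DETECT_ONLY", "verdict": "MALICIOUS",
  "file_sha256": "3f786850e387550fdab836ed7e6dc881de23001b2a8d6ed7d33d3b8c9dd0a3d1",
  "src_ip": "203.0.113.10", "dst_ip": "10.20.30.12", "file_name": "invoice.exe"},
 {"gateway": "NSXSecOps-T1_VDI", "mode": "DETECT_ONLY", "verdict": "SUSPICIOUS",
  "file_sha256": "89e6c98d92887913cadf06b2adb97f26cde4849b7a13a1cfa3e1a5b6dd4b3d7e",
  "src_ip": "198.51.100.7", "dst_ip": "10.20.30.11", "file_name": "setup.msi"},
 {"gateway": "NSXSecOps-T1-Prod", "mode": "DETECT_PREVENT", "verdict": "MALICIOUS",
  "file_sha256": "3f786850e387550fdab836ed7e6dc881de23001b2a8d6ed7d33d3b8c9dd0a3d1",
  "src_ip": "203.0.113.10", "dst_ip": "10.10.0.5", "file_name": "invoice.exe"},
 {"gateway": "NSXSecOps-T1_VDI", "mode": "DETECT_ONLY", "verdict": "BENIGN",
  "file_sha256": "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c",
  "src_ip": "198.51.100.20", "dst_ip": "10.20.30.13", "file_name": "reader.pdf"}
]
"""


def load_events(text):
    """Parse the exported event list (a JSON array of objects)."""
    return json.loads(text)


def verdict_counts(events):
    """How many events per verdict, for the summary line of a report."""
    return dict(Counter(e["verdict"] for e in events))


def delivered_malicious(events):
    """MALICIOUS files on a Detect Only rule: detected, but still delivered.

    Returns (dst_ip, file_sha256, file_name) tuples, sorted, one per event.
    """
    return sorted(
        (e["dst_ip"], e["file_sha256"], e["file_name"])
        for e in events
        if e["verdict"] == "MALICIOUS" and e["mode"] == "DETECT_ONLY"
    )


def hosts_to_investigate(events):
    """Unique clients that received a malicious file and need host triage."""
    return sorted({dst for dst, _, _ in delivered_malicious(events)})


def blocked_count(events):
    """MALICIOUS files stopped by a Detect & Prevent rule."""
    return sum(1 for e in events
               if e["verdict"] == "MALICIOUS" and e["mode"] == "DETECT_PREVENT")


def ioc_hashes(events):
    """SHA-256 values worth blocking or hunting for elsewhere."""
    return sorted({e["file_sha256"] for e in events
                   if e["verdict"] in ("MALICIOUS", "SUSPICIOUS")})


EVENTS = load_events(SAMPLE_EVENTS_JSON)

if __name__ == "__main__":
    print("verdicts:", verdict_counts(EVENTS))
    print("blocked:", blocked_count(EVENTS))
    print("hosts to investigate:", hosts_to_investigate(EVENTS))
    print("IOC hashes:", ioc_hashes(EVENTS))
```

On the sample, the same hash is seen three times: twice delivered to VDI clients through the Detect Only rule and once blocked at the Prod gateway. The two VDI hosts are the follow-up work that Detect Only mode creates; the hash list is what you would feed to endpoint search or a block list.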

The NSX Gateway Firewall gives organizations a perimeter control for their virtualized environments that can be tailored to their own policies: stateful rules on the gateway, application identification, and, with IDS/IPS and Malware Prevention activated on the same gateways, inspection of North-South traffic for known threats and malicious files. Keep in mind that a Malware Prevention profile in Detect Only mode records the download but does not stop it; switch the rule to Detect & Prevent once the detections have been validated.