• Leverage a Proven Data Center Security Model

    Attackers are increasingly focused on finding and exploiting vulnerabilities in your network, making east-west traffic the new battleground. NSX Service-defined Firewall offers a software-delivered, distributed architecture and advanced threat prevention. It enables zero-trust security that’s easy to deploy and automates policy while reducing overall costs.

    Hyperscale Throughput

    Get complete coverage with up to 20Tbps firewalling per SDDC.

    Up to 75% Savings in CapEx

    Lower CapEx relative to traditional firewall appliances.

    Up to 73% Savings in OpEx

    Lower OpEx, with no network changes and automated policies.

    Benefits of NSX Service-defined Firewall

    No Network Changes

    Replace multiple appliance-based solutions and radically simplify firewall deployment and operations by eliminating changes to the network and avoiding traffic hair-pinning.

    Eliminate Blind Spots

    Get unmatched visibility into your network and unrivaled workload context to identify and block threats, while remaining isolated from the attack surface.

    Security as Code

    An API-driven, object-based policy model delivers policy recommendations, automates policy mobility and ensures new workloads automatically receive appropriate security policies.

    Consistent Policy Across Multi-Cloud

    Achieve agile security via consistent firewall policies across multiple environments. Write your policy once and automatically enforce it everywhere.

    Related Resources

    Internal Firewalls for Dummies

    Organizations can no longer rely on edge firewalls alone. Learn how internal firewalls provide better security for today’s complex data centers.

    A Practical Path to Zero Trust

    Learn why organizations are leaning into zero trust security and why traditional firewalls fall short.

    The Best Way to Protect East-West Traffic

    Bolted-on security solutions can’t deliver the scalability, flexibility and cost effectiveness needed today. Understand why intrinsic security is key.

    Frequently Asked Questions

    NSX Service-defined Firewall is a distributed, scale-out internal firewall that protects all east-west traffic with security that’s intrinsic to the infrastructure, radically simplifying the security deployment model.

    NSX Service-defined Firewall uses an intrinsic approach to security that's built into the hypervisor. It includes a stateful L4-L7 firewall, an intrusion detection/prevention system (IDS/IPS), network sandbox, and behavior-based network traffic analysis.

    Key capabilities of NSX Service-defined Firewall include:

    • Distributed, granular enforcement of security policies
    • Scalability and throughput
    • Advanced threat prevention
    • Intra-application visibility
    • Centralized management

    For full capabilities, see the datasheet.

    Use cases for NSX Service-defined Firewall include:

    • Network Segmentation
    • Zero Trust in the Data Center
    • Virtual Patching for all Workloads
    • Block Advanced Threats


    Benefits of NSX Service-defined Firewall include:

    • Mitigating security risk
    • Ensuring compliance
    • Accelerating security operations
    • Simplifying security architecture

    Why VMware for Internal Firewall

    With its distributed architecture delivered in software, NSX Service-defined Firewall eliminates all blind spots without requiring network changes.