Support for NSX Security Tags on the VM-Series Firewall for
The VM-Series for NSX now supports the tagging
of guest VMs with NSX security tags, made possible by the addition of the source
and destination universally unique identifier (UUID) of guest VMs
in your NSX deployment. VMware vCenter passes the source and destination
UUIDs to the VM-Series firewall through the NetX API, and the firewall
adds them to its threat and traffic logs. With this information in the logs, the
firewall can be configured to tag infected guest VMs via the NSX
Panorama receives predefined payload formats
for NSX through content updates. These formats are available in
the HTTP Server profile, which you can use to make an API call and
trigger an automatic action on the NSX Manager. For example, whenever
a threat log of critical severity is generated on the firewall,
Panorama uses the API to communicate with the NSX Manager to tag
the guest VM as infected. The NSX Manager then dynamically moves the guest VM carrying the infected
tag into a quarantined security group.
Create an HTTP Server Profile to send API calls to NSX
Manager. This server profile must send an HTTP PUT request to NSX
Manager and use one of the predefined NSX payload formats.
Define the match criteria for when Panorama will forward
logs to the NSX Manager, and attach the HTTP server profile to use.
Configure an NSX server certificate for Panorama to forward
logs to NSX Manager. That server certificate must be exported and
uploaded to NSX Manager to allow for the necessary communication to
Log in to vCenter and associate a security group with
a security tag. The security tag you associate with your quarantine
security group must match the payload format you configured in your
HTTP Server profile.
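The following added example (not code from the Palo Alto Networks or VMware documentation) shows the log-matching half of this workflow offline: it applies a severity match criterion to constructed threat log lines that carry the source and destination guest-VM UUIDs, deduplicates the VMs to tag, and describes the HTTP PUT each would trigger. The NSX Manager address, the tag identifier, the simplified log column layout and the NSX-v style URL path are assumptions of the example, not values from the page; which side of a threat is tagged is likewise an assumption.

```python
import csv
import io
from urllib.parse import quote

# Constructed sample of firewall threat logs (simplified field set, not the
# real PAN-OS column order): severity plus the source/destination guest-VM
# UUIDs that vCenter passes to the VM-Series firewall via NetX. External
# hosts have no guest-VM UUID, so that field is empty for them.
SAMPLE_THREAT_LOG = """severity,threat_name,src_ip,dst_ip,src_uuid,dst_uuid
critical,Constructed-C2-Beacon,10.1.1.10,198.51.100.7,5029a1b2-0000-4000-8000-000000000001,
high,Constructed-Brute-Force,10.1.1.11,10.1.1.12,5029a1b2-0000-4000-8000-000000000002,5029a1b2-0000-4000-8000-000000000003
informational,Constructed-URL-Category,10.1.1.10,203.0.113.5,5029a1b2-0000-4000-8000-000000000001,
critical,Constructed-Exploit,10.1.1.13,10.1.1.10,5029a1b2-0000-4000-8000-000000000004,5029a1b2-0000-4000-8000-000000000001
"""

# Placeholders (assumptions, not values from the page): the NSX Manager
# address and the security tag whose members move into the quarantine group.
NSX_MANAGER = "https://nsx-manager.example.invalid"
INFECTED_TAG_ID = "securitytag-PLACEHOLDER"
SEVERITY_RANK = {"informational": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}


def match_infected_vms(log_text, min_severity="critical"):
    """Apply a Panorama-style match criterion (severity at or above a floor)
    and return the UUIDs of guest VMs to tag, in first-seen order. Assumption
    of this example: both the source and the destination guest VM of a
    matching threat are tagged; hosts without a UUID are skipped."""
    floor = SEVERITY_RANK[min_severity]
    tagged = []
    for row in csv.DictReader(io.StringIO(log_text)):
        if SEVERITY_RANK.get(row["severity"], -1) < floor:
            continue
        for uuid in (row["src_uuid"], row["dst_uuid"]):
            if uuid and uuid not in tagged:  # one PUT per VM, even if seen twice
                tagged.append(uuid)
    return tagged


def build_tag_request(vm_uuid):
    """Describe the HTTP PUT the HTTP Server Profile would send. The URL path
    follows the NSX-v security-tag API layout (an assumption of this example);
    the actual predefined payload format comes from Panorama content updates."""
    path = f"/api/2.0/services/securitytags/tag/{quote(INFECTED_TAG_ID)}/vm/{quote(vm_uuid)}"
    return {"method": "PUT", "url": NSX_MANAGER + path}


if __name__ == "__main__":
    for vm in match_infected_vms(SAMPLE_THREAT_LOG):
        print(build_tag_request(vm))
```

Lowering the severity floor to "high" widens the match to the brute-force log line and therefore tags two more VMs, which is the trade-off the match criteria in Panorama control.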