The NSX edition of the VM-Series firewall is focused on securing east-west communication in the software-defined data center. Deploying the firewall has the following benefits:
Automated Deployment —The NSX Manager automates the process of delivering next-generation firewall security services and the VM-Series firewall allows for transparent security enforcement. When a new ESXi host is added to a cluster, a new VM-Series firewall is automatically deployed, provisioned and available for immediate policy enforcement without any manual intervention. The automated workflow allows you to keep pace with the virtual machine deployments in your data center. The hypervisor mode on the firewall removes the need to reconfigure the ports/ vswitches/ network topology; because each ESXi host has an instance of the firewall, the traffic does not need to traverse the network or be backhauled for inspection and consistent enforcement of policies. Ease in Administering Tenants in Shared and Dedicated Compute Infrastructure —This integration provides the flexibility in configuring the firewall to handle multiple zones for traffic segmentation, defining shared or specific policy sets for each tenant or sub-tenant, and includes support for overlapping IP addresses across tenants or sub-tenants. Whether you have a shared cluster and need to define tenant specific policies and logically isolate traffic for each tenant (or sub-tenant), or you have a dedicated cluster for each tenant, this solution enables you to configure the firewall for your needs. And if you need a dedicated instance of the VM-Series firewall for each tenant in a cluster that hosts the workloads for multiple tenants, you can deploy multiple instances of the VM-Series firewall on each host in an ESXi cluster. For more information, see What is Multi-Tenant Support on the VM-Series NSX Edition Firewall? Tighter Integration Between Virtual Environment and Security Enforcement for Dynamic Security —Dynamic address groups maintain awareness of changes in the virtual machines/applications and ensure that security policy stays in tandem with the changes in the network. This awareness provides visibility and protection of applications in an agile environment. Sturdier Centralized Management —The firewalls deployed using this solution are licensed and managed by Panorama, the Palo Alto Networks central management tool. Using Panorama to manage both the perimeter and data center firewalls (the hardware-based and virtual firewalls) allows you to centralize policy management and maintain agility and consistency in policy enforcement throughout the network.
In summary, this solution ensures that the dynamic nature of the virtual network is secured with minimal administrative overhead. You can successfully deploy applications with greater speed, efficiency, and security.

Related Documentation