What are the Benefits of the NSX VM-Series firewall for NSX Solution?
The VM-Series firewall for VMware NSX is focused on
securing east-west communication in the software-defined data center.
Deploying the firewall has the following benefits:
Sturdier Centralized Management
Firewalls deployed using this solution are licensed and managed by Panorama,
the Palo Alto Networks central management tool. Panorama serves as
a single point of configuration for integration with NSX. It gives
the NSX Manager the information it needs to redirect traffic
to the VM-Series firewall for inspection and enforcement. Using
Panorama to manage both the perimeter and data center firewalls
(the hardware-based and virtual firewalls) allows you to centralize
policy management and maintain agility and consistency in policy
enforcement throughout the network.
—The NSX Manager automates the
process of delivering next-generation firewall security services
and the VM-Series firewall allows for transparent security enforcement.
When a new ESXi host is added to a cluster, a new VM-Series firewall
is automatically deployed, provisioned and available for immediate
policy enforcement without any manual intervention. The automated
workflow allows you to keep pace with the virtual machine deployments
in your data center. The hypervisor mode on the firewall removes
the need to reconfigure the ports/vswitches/network topology;
because each ESXi host has an instance of the firewall, the traffic
does not need to traverse the network or be backhauled for inspection
and consistent enforcement of policies.
Ease in Administering Tenants in Shared and Dedicated
—This integration provides the flexibility
in configuring the firewall to handle multiple zones for traffic
segmentation, defining shared or specific policy sets for each tenant
or sub-tenant, and includes support for overlapping IP addresses
across tenants or sub-tenants. Whether you have a shared cluster and
need to define tenant-specific policies and logically isolate traffic
for each tenant (or sub-tenant), or you have a dedicated cluster
for each tenant, this solution enables you to configure the firewall
for your needs. And if you need a dedicated instance of the VM-Series
firewall for each tenant in a cluster that hosts the workloads for
multiple tenants, you can deploy multiple instances of the VM-Series
firewall on each host in an ESXi cluster. For more information,
see What is Multi-Tenant Support on the VM-Series Firewall for NSX?
Tighter Integration Between Virtual Environment and Security
Enforcement for Dynamic Security
—Dynamic address groups maintain
awareness of changes in the virtual machines/applications and ensure
that security policy stays in tandem with the changes in the network.
This awareness provides visibility and protection of applications
in an agile environment.
In summary, this solution ensures that the dynamic nature of
the virtual network is secured with minimal administrative overhead.
You can successfully deploy applications with greater speed, efficiency,