It’s no secret that traditional firewalls are illsuited to securing east-west traffic. They’re static, inflexible, and require hair-pinning traffic around the data center. Traditional firewalls have no understanding of application context, resulting in rigid, static policies, and they don’t scaleso they’re unable to handle the massive workloads that make up modern data center traffic. As a result, many enterprises are forced to selectively secure workloads in the data center, creating gaps and blind spots in an organization’s security posture.  

A software-based approach to securing east-west traffic changes the dynamic. Instead of hair-pinning traffic, VMware NSX Service-defined Firewall (SDFW) applies security policies to all workloads inside the data center, regardless of the underlying infrastructure. This provides deep context into every single workload 

Anyone interested in learning how the Service-defined Firewall can help them implement network segmentation at any level of granularityreplace legacy physical hardwareor meet growing compliance needs and stop the lateral spread of threats, should check out the following sessions: 

Creating Virtual Security Zones with NSX Firewall (ISNS2090)

Zoning or segmenting data center networks into manageable chunks based on line of business or production stages is often required in a scaled environment. In this session, well share best practices around zoning a data center with a VMware NSX-T gateway firewall in conjunction with micro-segmentation to block lateral threat movement. 

Eliminate Blind Spots with a Purpose-Built Internal Firewall (ISNS1185) 

Today’s applications and data centers are highly distributed across private and public clouds, VMs, containers, and bare-metal environments. The traditional approach of firewalling east-west traffic with discrete appliances increases complexity and reduces developer agility, which leads to security compromises and inevitably creates blind spots. In this session, well look at how the VMware Service-defined Firewall provides complete coverage for internal traffic in an operationally simple manner with its distributed architecture, service-aware controls, and policy automation—all delivered in software.  

Apply Consistent Security Across VMs, Containers, and Physical Server with NSX-T (ISNS1272) 

VMware NSX-T is a network virtualization and security platform for the enterprise that provides consistent networking and security policies across different application, hypervisor, and cloud types. This technical session will focus primarily on: 

  • Various use cases and security features supported by the NSX-T platform 
  • Architecture and implementation details of different security features 
  • The consumption model and best practices for NSX-T security 
  • A product demonstration

Demystifying the NSX-T Data Center Distributed Firewall (ISNS1141) 

VMware NSX-T Data Center Distributed Firewall delivers the wow of micro-segmentation. But questions do arise. How does it work? Is the rule working? Where are packets being stopped? Why aren’t certain packets getting through? How do you reach a true Zero Trust environment? Well take an advanced look at the architecture and the inner workings of the Distributed Firewall to track, manage, and troubleshoot packets traveling through it. Well use a combination of user interface (UI) and command line interface (CLI) tools for troubleshooting, and VMware NSX Intelligence and VMware vRealize Network Insight to build the rules. Youll walk out with a collection of real-world tools to manage and troubleshoot the Distributed Firewall. 

Modernize Your Network Today 

Physical firewall appliances are an inhibitor to building a modern network for modern applications. VMware NSX SDFW makes East-West security possible at scale without adding IT complexity—helping organizations to implement network segmentation at any level of granularity, meet compliance requirements, and reduce IT overhead  

Explore the VMworld Network and Cloud security on-demand sessions today to learn how you can modernize your data center architecture!