It’s no secret that traditional firewalls are ill–suited to securing east-west traffic. They’re static, inflexible, and require hair-pinning traffic around the data center. Traditional firewalls have no understanding of application context, resulting in rigid, static policies, and they don’t scale—so they’re unable to handle the massive workloads that make up modern data center traffic. As a result, many enterprises are forced to selectively secure workloads in the data center, creating gaps and blind spots in an organization’s security posture.
A software-based approach to securing east-west traffic changes the dynamic. Instead of hair-pinning traffic, VMware NSX Service-defined Firewall (SDFW) applies security policies to all workloads inside the data center, regardless of the underlying infrastructure. This provides deep context into every single workload.
Anyone interested in learning how the Service-defined Firewall can help them implement network segmentation at any level of granularity, replace legacy physical hardware, or meet growing compliance needs and stop the lateral spread of threats, should check out the following sessions:
Zoning or segmenting data center networks into manageable chunks based on line of business or production stages is often required in a scaled environment. In this session, we’ll share best practices around zoning a data center with a VMware NSX-T gateway firewall in conjunction with micro-segmentation to block lateral threat movement.
Today’s applications and data centers are highly distributed across private and public clouds, VMs, containers, and bare-metal environments. The traditional approach of firewalling east-west traffic with discrete appliances increases complexity and reduces developer agility, which leads to security compromises and inevitably creates blind spots. In this session, we’ll look at how the VMware Service-defined Firewall provides complete coverage for internal traffic in an operationally simple manner with its distributed architecture, service-aware controls, and policy automation—all delivered in software.
VMware NSX-T is a network virtualization and security platform for the enterprise that provides consistent networking and security policies across different application, hypervisor, and cloud types. This technical session will focus primarily on:
- Various use cases and security features supported by the NSX-T platform
- Architecture and implementation details of different security features
- The consumption model and best practices for NSX-T security
- A product demonstration
VMware NSX-T Data Center Distributed Firewall delivers the “wow” of micro-segmentation. But questions do arise. How does it work? Is the rule working? Where are packets being stopped? Why aren’t certain packets getting through? How do you reach a true Zero Trust environment? We’ll take an advanced look at the architecture and the inner workings of the Distributed Firewall to track, manage, and troubleshoot packets traveling through it. We’ll use a combination of user interface (UI) and command line interface (CLI) tools for troubleshooting, and VMware NSX Intelligence and VMware vRealize Network Insight to build the rules. You’ll walk out with a collection of real-world tools to manage and troubleshoot the Distributed Firewall.
Modernize Your Network Today
Physical firewall appliances are an inhibitor to building a modern network for modern applications. VMware NSX SDFW makes East-West security possible at scale without adding IT complexity—helping organizations to implement network segmentation at any level of granularity, meet compliance requirements, and reduce IT overhead.
Explore the VMworld Network and Cloud security on-demand sessions today to learn how you can modernize your data center architecture!