VMware NSX-T and NSX-v Firewall Security Policy Automation

Tufin provides unified network security policy management and visibility across NSX-T, NSX-v, and the rest of the hybrid environment. IT and security teams can automatically apply and enforce micro-segmentation across all environments to ensure only trusted traffic flows are allowed.

Firewall security policy violations are automatically detected and alerted on in real time for rapid mitigation. In addition, network changes are automatically designed for the most efficient and compliant access path, provisioned across all devices, validated, and tracked for audit preparedness.

Tufin integration helps VMware NSX customers achieve:

  • End-to-end visibility. View and track changes to network security policies and configuration across the NSX-T environment and the rest of the hybrid network
  • Microsegmentation. Define and manage micro-segmentation across any environment, including NSX-T and NSX-v
  • Policy-driven change automation. Automate network changes while enabling adherence to corporate policy, understanding the potential risk, and pushing changes to relevant devices
  • Continuous compliance. Assess potential risks before provisioning policy changes across all devices. Gain real-time security policy compliance monitoring, analysis, and alerts on policy changes. Continuously track security policy configuration changes across virtual and physical networks.

Learn more about how VMware NSX users can use Tufin firewall security policy automation solutions.

Transition applications to the SDN faster and more safely, ensuring security policy remains intact and validating connectivity.

Design, deploy and manage microsegmentation across your on-prem network, the NSX SDN (either by IPs or Security Groups), and public clouds while ensuring business continuity.

Centralize management of security policies across all firewalls, routers, and switches throughout the entire data center via a single interface.

Automate network access changes, provisioning changes to the NSX Distributed Firewall and other NGFWs, legacy firewalls, and public cloud.

Automate Software-Defined Network Microsegmentation for VMware NSX

Increase business agility, reduce costs, and centralize security policy management for network virtualization through VMware NSX and the rest of your hybrid, multi-cloud network with Tufin.

Tufin consolidates and centralizes security policy management across VMware NSX software-defined network environments, as well as physical networks and public cloud platforms. This provides holistic visibility into and control over your heterogeneous physical network devices and cloud resources.

Benefits of using Tufin to manage VMware NSX Microsegmentation

  • Gain granular cloud management capabilities across virtual, physical and cloud.

  • Centralize the design, management and monitoring of segmentation policies across your hybrid network, including for VMware NSX environments.

  • Visualize security policies and topology across physical networks and virtual environments.

  • Identify the traffic an application uses and the existing legacy firewall rules that enable it.

  • Identify policy violations and gaps between what is desired and what is running across firewalls, routers, and security groups.

  • Improve network security by implementing security as close as possible to the application servers and data assets.

  • Design and operationalize security policies identical to the physical appliances that control the north-south traffic to the data center.

Tufin creates a unified security policy layer across the entire enterprise network and its data centers. Tufin has the broadest API integration across the security, networking and cloud ecosystems.



What is VMware NSX?

Improve your cybersecurity and internal workflows with VMware NSX. NSX service-defined, distributed firewalls (DFW) protect each virtual machine (VM) within a data center with its own firewall, which runs the entire set of security capabilities for any traffic going through the firewall. In helping to virtualize switching, firewalling, load balancing, and routing, NSX is helping organizations realize the full value of the software-defined data center.

Key benefits include:

  • Granular security that prevents threats from spreading laterally with micro-segmented security policies at workload level
  • Stateful NSX distributed firewall embedded in the hypervisor kernel and distributed across the entire environment
  • Improved operational efficiency and agility by reducing provisioning time from days to seconds
  • Enhanced visibility with visualization of every network traffic flow
  • Configure and manage subnets for Kubernetes namespaces
  • Manage network and security controls and policies independent of physical network topology across data centers, public and private clouds, and application frameworks
  • Enable stateful firewalling up to Layer 7 across multi-cloud environments
  • Simplified security operations with faster time to discover, analyze and enforce segmentation policies
  • Detect threat movement on east-west traffic with distributed analysis
  • Run a security policy within the hypervisor level so that traffic that goes through any VM is inspected as soon as it hits a virtual wire
  • A full suite of logical networking and security capabilities, including logical switching, routing, firewalling, load balancing, VPN, and monitoring
  • Seamless connection between virtual and physical workloads with bridging between VLANs configured on NSX overlay networks and physical networks
  • Attain zero trust security for applications in private and public cloud environments
  • API integration with next-generation firewalls, intrusion prevention systems (IPS), agent-less antivirus, advanced security, and more
  • Create, configure, and monitor NSX components with NSX Manager, which supplies an aggregated system overview and allows you to activate the malware prevention feature
  • Eliminate the need for hairpinning east-west traffic with NSX’s distributed internal firewall

NSX is suitable for use cases related to network security, multi-cloud networking, automation, networking and security for cloud-native apps.

There are two types of NSX platforms. NSX for vSphere (NSX-v) is specific to vSphere hypervisor environments and requires installation of VMware vCenter. VMware NSX-T (NSX-Transformers) can be used in cases where NSX-v does not apply. NSX-T supports SDN for VMware vSphere as well as network virtualization for Kubernetes, Docker, KVM, OpenStack, and AWS native workloads.
