Categories: NSX, Palo Alto Networks, VMware

VMware NSX 6.4 adds a range of features and improvements that VMware administrators should examine and implement, including an upgrade planner and more powerful firewall functionality.

VMware NSX 6.4 improves firewall functionality by inspecting traffic at Layer 7. Previously, admins could configure rules to block Secure Shell (SSH) on TCP port 22, for example. So when a VM owner configures SSH on port 80, and firewall rules allow traffic for TCP port 80, access to SSH is still possible because only port 22 is blocked. The new deep packet inspection functionality in VMware NSX 6.4 enables the distributed firewall to look inside the actual packets to identify the applications. Using the previous example, admins can block SSH traffic regardless of the port.

Such functionality was previously only available with third-party products from companies such as Palo Alto Networks or Check Point Software. This new functionality doesn’t eliminate the need for such products because they still offer features such as intrusion and malware detection. For example, the distributed firewall may let HTTP traffic through even if the URL contains SQL injection code, something that other firewalls would be able to detect and block.

Be aware of new service specifications with the APP_ prefix when using this new functionality to create a firewall rule. VMware’s online documentation provides an overview of the current VMware NSX 6.4 release’s supported applications. This all works because of a new component on the ESXi host for the context-aware firewall that works with the distributed firewall. It keeps track of each traffic flow from a virtual network interface card (vNIC) and evaluates the firewall rules for that flow.
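As an added illustration (not VMware's code and not the NSX rule engine), the following simplified Python model contrasts a port-only rule table with one that matches on an identified application in the APP_ style, using the page's case of an SSH daemon moved to TCP port 80. The `identify_app` classifier, the `Rule`/`Flow` types and the sample flows are assumptions constructed here; a real context-aware firewall classifies far more protocols across the first packets of a flow.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Flow:
    dst_port: int
    payload: bytes  # first bytes exchanged on the TCP flow (constructed samples below)

def identify_app(payload: bytes) -> Optional[str]:
    """Toy application identification (assumption: a real engine classifies many
    protocols). SSH is recognised by its RFC 4253 identification string,
    HTTP by a request method at the start of the stream."""
    if payload.startswith(b"SSH-"):
        return "APP_SSH"
    if any(payload.startswith(m) for m in (b"GET ", b"POST ", b"HEAD ", b"PUT ")):
        return "APP_HTTP"
    return None

@dataclass
class Rule:
    action: str                  # "allow" or "block"
    port: Optional[int] = None   # Layer 4 match on destination port
    app: Optional[str] = None    # Layer 7 match on identified application (APP_ prefix)

    def matches(self, flow: Flow) -> bool:
        if self.port is not None and flow.dst_port != self.port:
            return False
        if self.app is not None and identify_app(flow.payload) != self.app:
            return False
        return True

def evaluate(rules: List[Rule], flow: Flow, default: str = "block") -> str:
    """First matching rule wins, as in a top-down firewall rule table."""
    for rule in rules:
        if rule.matches(flow):
            return rule.action
    return default

# Port-only policy: block TCP/22, allow TCP/80.
PORT_RULES = [Rule("block", port=22), Rule("allow", port=80)]
# Application-aware policy: block SSH wherever it runs, allow only real HTTP on 80.
APP_RULES = [Rule("block", app="APP_SSH"), Rule("allow", app="APP_HTTP", port=80)]

# Constructed sample flows.
SSH_ON_22 = Flow(22, b"SSH-2.0-OpenSSH_7.4\r\n")
SSH_ON_80 = Flow(80, b"SSH-2.0-OpenSSH_7.4\r\n")   # SSH daemon listening on port 80
HTTP_ON_80 = Flow(80, b"GET / HTTP/1.1\r\nHost: example.internal\r\n\r\n")

if __name__ == "__main__":
    for name, flow in [("SSH/22", SSH_ON_22), ("SSH/80", SSH_ON_80), ("HTTP/80", HTTP_ON_80)]:
        print(f"{name}: port rules -> {evaluate(PORT_RULES, flow)}, app rules -> {evaluate(APP_RULES, flow)}")
```

The port-only table lets SSH/80 through because its only SSH rule keys on port 22, while the application-aware table blocks it and still admits genuine HTTP on port 80.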
