NSX Application IDs

Application IDs identify the application that generated a particular packet or flow, independent of the port being used. Using App IDs reduces north-south and east-west attacks by allowing only appropriate traffic across an open port.

Enforcement based on App IDs enables users to allow or deny applications on any port, or to force applications to run on their standard port. vDPI matches packet payload against defined patterns, commonly referred to as signatures. Signature-based identification and enforcement lets customers match the particular application or protocol a flow belongs to, and the version of that protocol, for example TLS version 1.0, TLS version 1.2, or different versions of CIFS traffic. This lets you gain visibility into, or restrict the use of, protocols that have known vulnerabilities for all deployed applications and their E-W flows within the datacenter.

NSX 4.1.x

The following Application IDs are supported:

  • Distributed Firewall Application IDs
  • Gateway Firewall Application IDs

NSX 4.0.1.1

  • Distributed Firewall Application IDs
  • Gateway Firewall Application IDs

NSX 4.0.0.1

  • NSX Application IDs (DFW & GFW)

NSX-T 3.2.x

  • NSX Application IDs (DFW & GFW)

NSX-T 3.1.x

  • NSX-T Application 3.1.x IDs