You perform the procedures on different components of NSX. What to read next Procedure Security Best Practices for Securing VMware NSXYou must follow multiple best practices at all times when you operate your NSX environment. Configure Security Settings for VMware NSX by Using the User InterfacesYou perform the procedure in NSX to configure logging servers, configure logging for distributed and gateway firewall rules, and configure port binding for the spoofguard profile. Configure the settings for all NSX instances in your VMware Cloud Foundation environment. Configure Security Settings for NSX by Using CLI CommandsYou configure NSX Manager to back up audit records to a logging server. Also, you configure NSX Edge nodes to back up audit records to a central audit server. Configure Security Settings for VMware NSX by Using NSX APIYou configure TLS 1.2 protocol and disable TLS 1.1 for NSX Manager. Optional Security Configurations for VMware NSXApplication Virtual Networks (AVN)s, which include the NSX Edge Cluster and NSX network segments, are no longer deployed and configured during bring-up. Instead they are implemented as a Day-N operations in SDDC Manager, providing greater flexibility. These configurations should be reevaluated if you plan to deploy NSX edges in your environment. Simiarly, Distributed Firewall (DFW) and Gateway Firewall configurations are applicable only if you purchase NSX Firewall Add-On. These configurations are included as optional and site-specific only.