Identity Firewall (IDFW) enhances a traditional firewall by allowing firewall rules based on user identity. For example, administrators can allow or disallow customer support staff to access an HR database with a single firewall policy.
User-based distributed firewall rules are determined by membership in an Active Directory (AD) group. Identity Firewall requires a Thin Agent.
- VMware Tools version 10.3 or later: NSX File Introspection driver, NSX Network Introspection driver, VMCI driver.
- Host operating system: ESXi only
- Desktop enforcement: Windows 8, Windows 10
- RDSH enforcement: Windows 2012R2, Windows 2016
- Enable NSX File Introspection driver and NSX Network Introspection driver. VMware Tools full installation adds these by default.
- Enable IDFW on cluster or standalone host: Enable Identity Firewall.
- Configure Active Directory domain: Add an Active Directory.
- Configure Active Directory sync operations: Synchronize Active Directory.
- Create security groups (SG) with Active Directory group members: Add a Group.
- Assign SG with AD group members to a distributed firewall rule: Add a Distributed Firewall.