IDFW enhances the traditional firewall by allowing firewall rules based on user identity. For example, administrators can allow or disallow customer support staff to access an HR database with a single firewall policy.
Identity-based firewall rules are determined by membership in an Active Directory (AD) group. See Identity Firewall Supported Configurations.
IDFW processes the user identity at the source only in distributed firewall rules. Identity-based groups cannot be used as the destination in DFW rules.
If Windows auto-logon is enabled on VMs, enable the Windows policy setting Always wait for the network at computer startup and logon on those VMs.
For supported IDFW configurations, see Identity Firewall Supported Configurations.
- Enable NSX File Introspection driver and NSX Network Introspection driver. VMware Tools full installation adds these by default.
- Enable IDFW on cluster or standalone host: Enable Identity Firewall.
- Configure Active Directory domain: Add an Active Directory.
- Configure Active Directory sync operations: Synchronize Active Directory.
- Create security groups (SG) with Active Directory group members: Add a Group.
- Assign SG with AD group members to a distributed firewall rule: Add a Distributed Firewall.
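The last step assigns an identity-based security group to a distributed firewall rule, and the constraint stated earlier is that IDFW evaluates user identity at the source only, so such a group must never appear as a rule's destination. The following Python linter checks a rule set for exactly that misuse. It is an added example, not VMware's or NSX's own code: the group and rule dictionaries are constructed for this example and only imitate the shape of NSX Policy API objects (an IdentityGroupExpression versus a tag-based Condition expression); the field names are an assumption, not a guaranteed API contract.

```python
"""Lint NSX-style distributed firewall rules for the Identity Firewall
constraint that identity-based (AD) groups may be used only as a rule's
source, never as its destination.

Added example, not VMware/NSX code. The dictionaries below imitate the
shape of NSX Policy API group and rule objects; field names are an
assumption made for this example.
"""
from __future__ import annotations

# Constructed sample groups. "hr_database" is a tag-based VM group;
# "support_staff" is an identity-based group built from an AD group.
GROUPS = {
    "/infra/domains/default/groups/hr_database": {
        "display_name": "hr_database",
        "expression": [
            {"resource_type": "Condition", "member_type": "VirtualMachine",
             "key": "Tag", "operator": "EQUALS", "value": "hr-db"},
        ],
    },
    "/infra/domains/default/groups/support_staff": {
        "display_name": "support_staff",
        "expression": [
            {"resource_type": "IdentityGroupExpression",
             "identity_groups": [
                 {"distinguished_name": "CN=Support,OU=Groups,DC=example,DC=local",
                  "domain_base_distinguished_name": "DC=example,DC=local"},
             ]},
        ],
    },
}

# Constructed sample rules. The first is valid (identity group as source);
# the second deliberately misuses the identity group as the destination.
RULES = [
    {"display_name": "deny-support-to-hr-db",
     "source_groups": ["/infra/domains/default/groups/support_staff"],
     "destination_groups": ["/infra/domains/default/groups/hr_database"],
     "action": "DROP"},
    {"display_name": "allow-hr-db-to-support",
     "source_groups": ["/infra/domains/default/groups/hr_database"],
     "destination_groups": ["/infra/domains/default/groups/support_staff"],
     "action": "ALLOW"},
    {"display_name": "allow-support-to-any",
     "source_groups": ["/infra/domains/default/groups/support_staff"],
     "destination_groups": ["ANY"],
     "action": "ALLOW"},
]


def is_identity_group(path: str, groups: dict) -> bool:
    """True if any expression of the referenced group is an AD identity
    expression. The literal "ANY" is not a group and is never identity-based."""
    if path == "ANY":
        return False
    group = groups.get(path)
    if group is None:
        raise KeyError(f"rule references unknown group {path}")
    return any(expr.get("resource_type") == "IdentityGroupExpression"
               for expr in group.get("expression", []))


def lint_rules(rules: list[dict], groups: dict) -> list[str]:
    """Return one finding per rule whose destination is an identity-based
    group; such a rule would not match as the administrator expects."""
    findings = []
    for rule in rules:
        for path in rule.get("destination_groups", []):
            if is_identity_group(path, groups):
                findings.append(
                    f"{rule['display_name']}: identity group {path} used as "
                    "destination; IDFW evaluates identity only at the source")
    return findings


if __name__ == "__main__":
    for finding in lint_rules(RULES, GROUPS):
        print(finding)
```

Running the module reports only the second rule; the third rule is accepted because "ANY" as a destination is not a group reference. To use it against a real deployment, replace the constructed `GROUPS` and `RULES` with the objects exported from NSX.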