To protect north-south traffic that is passing through the Gateway Firewall with the NSX Malware Prevention feature, you must complete a series of steps.

Important: The NSX Malware Prevention feature can function as designed only when your NSX-T Data Center is connected to the Internet.

In NSX-T 3.2, detection of malware is supported on tier-1 gateways, but not on tier-0 gateways. Prevention of malware on the Gateway Firewall is currently not supported.

Workflow:
  1. Prepare your NSX-T Data Center environment for NSX Malware Prevention on the Gateway Firewall. This preparation involves the following tasks:
    • Set up NSX Proxy Server for Internet Connectivity.
    • Deploy NSX Application Platform.
    • Activate the NSX Malware Prevention feature on the NSX Application Platform.
    • Turn on or activate NSX Malware Prevention on the tier-1 gateways.

    You can complete these preparation tasks by using either the IDS/IPS & Malware Prevention Setup wizard or the IDS/IPS & Malware Prevention Settings page. For more information about using the setup wizard, see Preparing the Data Center for NSX IDS/IPS and NSX Malware Prevention.

  2. Add a security policy to protect traffic passing through the tier-1 gateways. This step involves the following Policy Management tasks:
    • Add a Malware Prevention profile.
    • Create groups to use as the sources and destinations of the Gateway Firewall rules. You can add static members to the groups or define membership criteria.
    • Add Gateway Firewall rules on the tier-1 gateways. Attach the Malware Prevention profile to the rules.
    • Publish the rules.

    For detailed instructions, see Add Rules for NSX IDS/IPS and NSX Malware Prevention on a Gateway Firewall.

  3. Monitor and analyze the file events in the NSX Manager UI.

    For detailed instructions, see Monitoring File Events.
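The following script is an added example that is not part of this page or of VMware's product code. It shows how the Policy Management tasks in step 2 (a group with membership criteria, a Gateway Firewall rule on a tier-1 gateway with the Malware Prevention profile attached) look as NSX Policy API objects, and it enforces the tier-1-only constraint stated above. The endpoint paths (`/policy/api/v1/infra/...`), the rule field `profiles`, the example gateway and profile paths, and the hostname and credentials are assumptions, not values from this page; the profile is assumed to already exist.

```python
"""Build and push NSX Policy API objects for a tier-1 Gateway Firewall rule
that carries a Malware Prevention profile.  Added example, not VMware's code;
endpoint paths, field names and all identifiers below are assumptions."""
import base64
import json
import urllib.request

# Assumed policy paths; replace with the paths of your own objects.
TIER1_PATH = "/infra/tier-1s/t1-gw-example"
PROFILE_PATH = ("/infra/settings/firewall/security/"
                "malware-prevention/profiles/mp-profile-example")
DOMAIN = "/infra/domains/default"


def build_group(group_id, tag):
    """Group whose membership criterion is 'VirtualMachine has tag <tag>'."""
    return {
        "id": group_id,
        "display_name": group_id,
        "expression": [{
            "resource_type": "Condition",
            "member_type": "VirtualMachine",
            "key": "Tag",
            "operator": "EQUALS",
            "value": tag,
        }],
    }


def validate_scope(scope):
    """NSX-T 3.2 supports malware detection on tier-1 gateways only, so a
    tier-0 (or any non tier-1) scope is rejected before anything is pushed."""
    for path in scope:
        if not path.startswith("/infra/tier-1s/"):
            raise ValueError(f"Malware Prevention is not supported on {path}")
    return True


def build_gateway_policy(policy_id, src_group_id, dst_group_id,
                         tier1_path=TIER1_PATH, profile_path=PROFILE_PATH):
    """Gateway policy with one rule.  Action stays ALLOW because prevention
    is not supported on the gateway in 3.2; the attached profile inspects
    files and raises file events that show up under Monitoring."""
    scope = [tier1_path]
    validate_scope(scope)
    rule = {
        "id": f"{policy_id}-inspect",
        "display_name": f"{policy_id}-inspect",
        "source_groups": [f"{DOMAIN}/groups/{src_group_id}"],
        "destination_groups": [f"{DOMAIN}/groups/{dst_group_id}"],
        "services": ["ANY"],
        "action": "ALLOW",
        "scope": scope,
        "profiles": [profile_path],   # assumed field for the MP profile
        "logged": True,
    }
    return {
        "id": policy_id,
        "display_name": policy_id,
        "category": "LocalGatewayRules",
        "scope": scope,
        "rules": [rule],
    }


def patch_policy_object(manager, user, password, policy_path, body):
    """PATCH one object into the NSX Policy API (assumed /policy/api/v1
    prefix and basic auth).  Returns the HTTP status code."""
    url = f"https://{manager}/policy/api/v1{policy_path}"
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), method="PATCH",
        headers={"Content-Type": "application/json",
                 "Authorization": f"Basic {token}"})
    with urllib.request.urlopen(req) as resp:
        return resp.status


if __name__ == "__main__":
    # Objects only; pushing them needs a reachable manager (hostname assumed).
    web = build_group("web-vms", "web")
    internet = build_group("internet-clients", "external")
    policy = build_gateway_policy("mp-t1-policy", "internet-clients", "web-vms")
    for path, obj in [(f"{DOMAIN}/groups/web-vms", web),
                      (f"{DOMAIN}/groups/internet-clients", internet),
                      (f"{DOMAIN}/gateway-policies/mp-t1-policy", policy)]:
        print(path, json.dumps(obj, indent=2))
        # patch_policy_object("nsx-manager.example", "admin", "secret", path, obj)
```

Publishing the gateway policy with its rules in one PATCH corresponds to the "Publish the rules" step in the UI; a scope pointing at a tier-0 gateway is refused locally, which mirrors the 3.2 limitation rather than leaving it to be discovered as missing file events later.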