NSX-T Data Center environment must meet specific license and software requirements to use NSX IDS/IPS and NSX Malware Prevention features.

Requirements for NSX Intrusion Detection and Prevention Service

License Requirements

For NSX Intrusion Detection and Prevention Service, the Threat Prevention license is required. To read more about NSX-T Data Center security licenses, see the Security Licenses section in License Types.

Prerequisites
For Gateway IDS/IPS, NSX Edge VMs with at least the Large form factor must be deployed.

Requirements for NSX Malware Prevention

License Requirements

For NSX Malware Prevention feature, the Advanced Threat Prevention license is required.

For example:
  • NSX Distributed Firewall with Advanced Threat Prevention license
  • NSX Gateway Firewall with Advanced Threat Prevention license

To read more about NSX-T Data Center security licenses, see the Security Licenses section in License Types.

Prerequisites
The following prerequisites are common to both Distributed NSX Malware Prevention and Gateway NSX Malware Prevention:
  • NSX Application Platform must be deployed and NSX Malware Prevention feature must be activated on the platform.
  • Internet access is required even when files are not sent to the cloud for a detailed analysis. For more information, see the Notes section after this bulleted list.
  • NSX Manager nodes and vSphere hosts must have connectivity to the NSX Application Platform for NSX Malware Prevention to function properly.
  • Minimum supported vSphere version is 6.7
  • Minimum supported VMware Tools version is 11.2.5
Notes (IP Access to External Sites)
NSX Malware Prevention feature requires Internet access to download the latest signatures and to send files for cloud analysis. The following communication is done on HTTPS:
  • From NSX Application Platform (K8s worker IP address) or HTTP proxy if the platform is configured with proxy.
  • To NSX Advanced Threat Prevention cloud service:
    • nsx.lastline.com
    • nsx.west.us.lastline.com if you selected "Malware Cloud Region = United States" during installation
    • nsx.nl.emea.lastline.com if you selected “Malware Cloud Region = European Union” during installation
    • nsx.southeast.au.lastline.com if you selected "Malware Cloud Region = Australia" during installation
The following prerequisites apply only to Distributed NSX Malware Prevention:
  • Windows VMs must have VMware Tools with NSX File Introspection driver.
  • On each vSphere host, service virtual machine (SVM) deployment requires following reources:
    • 4 vCPU
    • 6 GB RAM
    • 80 GB Disk space
  • Web server is required to deploy the SVM.
  • vSphere host clusters must be configured with a transport node profile.
The following prerequisite applies only to Gateway NSX Malware Prevention:
  • NSX Edge VMs must be deployed with Extra Large form factor.
Note: NSX Malware Prevention is currently not supported on bare metal edge nodes and Public Cloud Gateways.