NSX-T Data Center environment must meet specific license and software requirements to use NSX IDS/IPS and NSX Malware Prevention features.
Requirements for NSX Intrusion Detection and Prevention Service
- License Requirements
-
For NSX Intrusion Detection and Prevention Service, the Threat Prevention license is required. To read more about NSX-T Data Center security licenses, see the Security Licenses section in License Types.
Requirements for NSX Malware Prevention
- License Requirements
-
For NSX Malware Prevention feature, the Advanced Threat Prevention license is required.
For example:- NSX Distributed Firewall with Advanced Threat Prevention license
- NSX Gateway Firewall with Advanced Threat Prevention license
To read more about NSX-T Data Center security licenses, see the Security Licenses section in License Types.
- Prerequisites
-
The following prerequisites are common to both Distributed NSX Malware Prevention and Gateway NSX Malware Prevention:
- NSX Application Platform must be deployed and NSX Malware Prevention feature must be activated on the platform.
- Internet access is required even when files are not sent to the cloud for a detailed analysis. For more information, see the Notes section after this bulleted list.
- NSX Manager nodes and vSphere hosts must have connectivity to the NSX Application Platform for NSX Malware Prevention to function properly.
- Minimum supported vSphere version is 6.7
- Minimum supported VMware Tools version is 11.2.5
- Notes (IP Access to External Sites)
-
NSX Malware Prevention feature requires Internet access to download the latest signatures and to send files for cloud analysis. The following communication is done on HTTPS:
- From NSX Application Platform (K8s worker IP address) or HTTP proxy if the platform is configured with proxy.
- To NSX Advanced Threat Prevention cloud service:
- nsx.lastline.com
- nsx.west.us.lastline.com if you selected "Malware Cloud Region = United States" during installation
- nsx.nl.emea.lastline.com if you selected “Malware Cloud Region = European Union” during installation
- nsx.southeast.au.lastline.com if you selected "Malware Cloud Region = Australia" during installation
The following prerequisites apply only to Distributed NSX Malware Prevention:- Windows VMs must have VMware Tools with NSX File Introspection driver.
- On each vSphere host, service virtual machine (SVM) deployment requires following reources:
- 4 vCPU
- 6 GB RAM
- 80 GB Disk space
- Web server is required to deploy the SVM.
- vSphere host clusters must be configured with a transport node profile.
The following prerequisite applies only to Gateway NSX Malware Prevention:- NSX Edge VMs must be deployed with Extra Large form factor.
Note: NSX Malware Prevention is currently not supported on bare metal edge nodes and Public Cloud Gateways.