NSX-T Data Center environment must meet specific license and software requirements to use NSX IDS/IPS and NSX Malware Prevention features. These two security features are a part of the VMware NSX® Advanced Threat Prevention solution.

License Requirements

For information about NSX Distributed Firewall licenses and NSX Gateway Firewall licenses that are required to run the NSX Advanced Threat Prevention solution, see the Security Licenses section in License Types.

Software Requirements

For NSX Malware Prevention feature:
  • NSX Application Platform must be deployed and the NSX Malware Prevention feature must be activated on the platform.
  • On Gateway Firewall, NSX Edge VMs with Extra Large form factor must be deployed.
  • On Distributed Firewall, NSX Malware Prevention service virtual machine must be deployed on vSphere host clusters.
For NSX IDS/IPS feature:
  • On Gateway Firewall, NSX Edge VMs with at least the Large form factor must be deployed.
  • NSX Malware Prevention is currently not supported on NSX Edge bare metal and Public Cloud Gateways.
  • NSX Malware Prevention feature can function as designed only when your NSX-T Data Center is connected to the Internet.
  • NSX Manager nodes and vSphere hosts must have connectivity to the NSX Application Platform for NSX Malware Prevention to function properly.