Perform the following steps to use NSX Distributed IDS/IPS.

  1. Set up NSX Proxy Server for Internet connectivity: NSX IDS/IPS can work in a network without Internet connectivity, but you will need to manually update the IDS/IPS signatures. For more information, see Preparing the Data Center for NSX IDS/IPS and NSX Malware Prevention.
  2. Download the latest signature set and configure signature settings: Download the latest signature set if you have not selected the automatic download option, and configure actions for signatures. For more information, see Preparing the Data Center for NSX IDS/IPS and NSX Malware Prevention.
  3. Enable nodes for NSX Distributed IDS/IPS: Select hosts on which you want to enable IDS/IPS. For more information, see Preparing the Data Center for NSX IDS/IPS and NSX Malware Prevention.
    Note:
    • Do not enable NSX Distributed IDS/IPS in an environment that is using Distributed Load Balancer. NSX-T Data Center does not support IDS/IPS with a Distributed Load Balancer.
    • For NSX Distributed IDS/IPS to work, Distributed Firewall (DFW) must be enabled. If traffic is blocked by a DFW rule, then IDS/IPS cannot see the traffic.
  4. Create IDS/IPS profiles: Create profiles to group signatures. For more information, see Add an IDS/IPS Profile.
  5. Create distributed IDS/IPS rules and publish them: Create rules to apply a previously created profile to selected applications and traffic. For more information, see Add Rules for NSX Distributed IDS/IPS and NSX Distributed Malware Prevention.
  6. Verify NSX IDS/IPS status on hosts: For more information, see Verify Distributed IDS/IPS Status on Host.
  7. Monitor NSX IDS/IPS events: For more information, see Monitoring IDS/IPS Events.
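The following is an added example, not part of the VMware documentation: an offline helper that builds the NSX Policy API calls behind steps 3 to 5 in the order the procedure requires, validating the values before anything is sent. The API paths and JSON field names are assumptions based on the NSX-T Policy API and must be checked against the API reference for your NSX version; the cluster, profile, policy and group identifiers are constructed placeholders.

```python
"""Dry-run builder for the NSX Policy API calls used to enable Distributed IDS/IPS.

ASSUMPTION: paths and field names follow the NSX-T 3.x Policy API
(intrusion-services cluster-configs, profiles and intrusion-service-policies).
Verify against your version's API reference before sending.
"""

BASE = "/policy/api/v1"
IDS = f"{BASE}/infra/settings/firewall/security/intrusion-services"
SEVERITIES = {"CRITICAL", "HIGH", "MEDIUM", "LOW"}
ACTIONS = {"DETECT", "DETECT_PREVENT"}


def enable_ids_on_cluster(cluster_id):
    """Step 3: enable Distributed IDS/IPS on one cluster (assumed path/fields)."""
    body = {"ids_enabled": True, "cluster": {"target_id": cluster_id}}
    return ("PATCH", f"{IDS}/cluster-configs/{cluster_id}", body)


def ids_profile(profile_id, severities):
    """Step 4: a profile groups signatures; here by severity (assumed fields)."""
    unknown = set(severities) - SEVERITIES
    if unknown:
        raise ValueError(f"unknown severity: {sorted(unknown)}")
    body = {"display_name": profile_id, "profile_severity": sorted(set(severities))}
    return ("PATCH", f"{IDS}/profiles/{profile_id}", body)


def ids_rule(policy_id, rule_id, profile_id, sources, destinations, action="DETECT"):
    """Step 5: apply the profile to traffic between groups (assumed fields).

    Defaults to DETECT so new signatures are reviewed via events (step 7)
    before switching the rule to DETECT_PREVENT.
    """
    if action not in ACTIONS:
        raise ValueError(f"action must be one of {sorted(ACTIONS)}")
    body = {
        "ids_profiles": [f"/infra/settings/firewall/security/intrusion-services/profiles/{profile_id}"],
        "source_groups": sources, "destination_groups": destinations,
        "services": ["ANY"], "scope": ["ANY"], "action": action,
    }
    path = f"{BASE}/infra/domains/default/intrusion-service-policies/{policy_id}/rules/{rule_id}"
    return ("PATCH", path, body)


def plan(cluster_id, profile_id, severities, policy_id, rule_id, sources, destinations):
    """Return the calls in the order the procedure requires: enable, profile, rule."""
    return [enable_ids_on_cluster(cluster_id),
            ids_profile(profile_id, severities),
            ids_rule(policy_id, rule_id, profile_id, sources, destinations)]
```

Send each (method, path, body) tuple to the NSX Manager with your usual authenticated client only after confirming the paths against the API reference.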