Perform the following steps to use NSX Distributed IDS/IPS.
- Set up NSX Proxy Server for Internet Connectivity. NSX IDS/IPS can work in a network without Internet connectivity, but you will need to manually update the IDS/IPS signatures. For more information, see Preparing the Data Center for NSX IDS/IPS and NSX Malware Prevention.
- Download latest signature set and configure signature settings: Download the latest signature set if you have not selected automatic download option and configure actions for signatures. For more information, see Preparing the Data Center for NSX IDS/IPS and NSX Malware Prevention.
- Enable nodes for NSX Distributed IDS/IPS: Select hosts on which you want to enable IDS/IPS. For more information, see Preparing the Data Center for NSX IDS/IPS and NSX Malware Prevention.
Note:
- Do not enable NSX Distributed IDS/IPS in an environment that is using Distributed Load Balancer. NSX-T Data Center does not support IDS/IPS with a Distributed Load Balancer.
- For NSX Distributed IDS/IPS to work, Distributed Firewall (DFW) must be enabled. If traffic is blocked by a DFW rule, then IDS/IPS cannot see the traffic.
- Create IDS/IPS profiles: Create profiles to group signatures. For more information, see Add an IDS/IPS Profile.
- Create distributed IDS/IPS rules and publish them: Create rules to apply a previously created profile to selected applications and traffic. For more information, see Add Rules for NSX Distributed IDS/IPS and NSX Distributed Malware Prevention.
- Verify NSX IDS/IPS status on hosts: For more information, see Verify Distributed IDS/IPS Status on Host.
- Monitor NSX IDS/IPS events. For more information, see Monitoring IDS/IPS Events.