To use the NSX Network Detection and Response feature, you must prepare your NSX-T Data Center environment so that it meets the specific license and software requirements.
License Requirements
You must have one of the following license in effect during your
NSX Manager session. The following lists the various NSX Data Center licenses that support the
NSX Network Detection and Response feature.
- NSX Data Center Evaluation
- NSX-T Evaluation
- NSX Advanced Threat Prevention (Only applicable for customers who have previously purchased the license.)
- NSX Advanced Threat Prevention Add On for NSX Distributed Firewall with Threat Prevention
- NSX Advanced Threat Prevention Add On for NSX Distributed Firewall or NSX Advanced or NSX Enterprise Plus
- NSX Distributed Firewall with Advanced Threat Prevention
- NSX Gateway Firewall with Advanced Threat Prevention
- NSX Advanced Threat Prevention Add On for NSX Gateway Firewall
- NSX-T Advanced with NSX Advanced Threat Prevention Add-On for NSX Distributed Firewall or NSX Advanced or NSX Enterprise Plus
- NSX-T Enterprise Plus with NSX Advanced Threat Prevention Add-On for NSX Distributed Firewall or NSX Advanced or NSX Enterprise Plus
Software Requirements
You must also meet the following software requirements before you can start using the
NSX Network Detection and Response feature.
- Install NSX-T Data Center 3.2 or later.
- Deploy NSX Application Platform. See Deploying and Managing the VMware NSX Application Platform document delivered with NSX-T Data Center 3.2 or later at https://docs.vmware.com/en/VMware-NSX-T-Data-Center/index.html.
Important: The
NSX Network Detection and Response feature can function as designed only when your
NSX-T Data Center environment is connected to the Internet.
NSX Network Detection and Response is not supported in air-gapped environments when there is no outbound Internet access from the Kubernetes cluster pods and the
NSX-T Data Center Unified Appliance.
Required Ports
Ensure that the required ports are open. Specifically, NSX Network Detection and Response requires the outbound TCP port 443 to be open. It uses this port to establish HTTPS connections to the NSX Advanced Threat Prevention cloud service and a limited set of other cloud services used to perform deeper threat analysis.
See https://ports.esp.vmware.com/home/NSX-Intelligence+NSX-T-Data-Center for other ports and protocols information.