Starting with NSX-T Data Center 3.2.1, NSX IDS/IPS on Gateway Firewall is available for production environments and has full support. However, Gateway Firewall IDS/IPS running on Azure VMware Solution (AVS), Google Cloud VMware Engine (GCVE), and Oracle Cloud VMware Solution (OCVS) is in tech preview mode only. For more information, see the NSX-T Data Center Release Notes.
Perform the following steps to use NSX IDS/IPS on a Gateway Firewall.
- Set up NSX Proxy Server for Internet Connectivity. NSX IDS/IPS can work in a network without Internet connectivity, but you will need to manually update the IDS/IPS signatures. For more information, see Preparing the Data Center for NSX IDS/IPS and NSX Malware Prevention.
- Download the latest signature set and configure signature settings: Download the latest signature set if you have not selected the automatic download option, and configure actions for signatures. For more information, see Preparing the Data Center for NSX IDS/IPS and NSX Malware Prevention.
- Enable nodes for IDS/IPS: Select the gateways on which you want to enable IDS/IPS. For more information, see Preparing the Data Center for NSX IDS/IPS and NSX Malware Prevention.
Note: NSX IDS/IPS for a Gateway Firewall is supported only for tier-1 gateways.
- Create IDS/IPS profiles: Create profiles to group signatures. For more information, see Add an IDS/IPS Profile.
- Create gateway IDS/IPS rules and publish them: Create rules to apply a previously created profile to selected applications and traffic. For more information, see Add Rules for NSX IDS/IPS and NSX Malware Prevention on a Gateway Firewall.
- Monitor events on nodes. For more information, see Monitoring IDS/IPS Events.