In NSX-T Data Center 3.2.0, NSX IDS/IPS on Gateway Firewall was available in tech preview mode only. Starting with NSX-T Data Center 3.2.1, this feature is available for production environments and has full support. For more information, see the NSX-T Data Center Release Notes.

Perform the following steps to use NSX IDS/IPS on a Gateway Firewall.

  1. Set up the NSX proxy server for Internet connectivity: NSX IDS/IPS can work in a network without Internet connectivity, but you will then need to update the IDS/IPS signatures manually. For more information, see Preparing the Data Center for NSX IDS/IPS and NSX Malware Prevention.
  2. Download the latest signature set and configure signature settings: Download the latest signature set if you have not selected the automatic download option, and configure actions for signatures. For more information, see Preparing the Data Center for NSX IDS/IPS and NSX Malware Prevention.
  3. Enable nodes for IDS/IPS: Select the gateways on which you want to enable IDS/IPS. For more information, see Preparing the Data Center for NSX IDS/IPS and NSX Malware Prevention.
    Note: NSX IDS/IPS for a Gateway Firewall is supported only for tier-1 gateways.
  4. Create IDS/IPS profiles: Create profiles to group signatures. For more information, see Add an IDS/IPS Profile.
  5. Create gateway IDS/IPS rules and publish them: Create rules that apply a previously created profile to selected applications and traffic. For more information, see Add Rules for NSX IDS/IPS and NSX Malware Prevention on a Gateway Firewall.
  6. Monitor events on nodes. For more information, see Monitoring IDS/IPS Events.