Identity Firewall (IDFW) allows user-based distributed firewall rules (DFW).
About this task
User-based distributed firewall rules (DFW) are determined by membership in an Active Directory (AD) group membership. IDFW monitors where Active Directory users are logged into and maps the login to an IP Address, which is used by DFW to apply firewall rules. Identity Firewall requires either guest introspection framework and/or active directory event log scraping.
- Configure Active Directory Sync in NSX, see Synchronize a Windows Domain with Active Directory. This is required to use Active Directory groups in Service Composer.
- Prepare the ESXi cluster for DFW. See Prepare the Host Cluster for NSX in the NSX Installation Guide.
- Configure Identity Firewall logon detection options. Note that you must configure one or both of these options:
Configure Active Directory event log access. See Register a Windows Domain with NSX Manager.
Windows Guest OS with guest agent installed. This comes with a complete installation of VMware Tools ™. Deploy Guest Introspection service to protected clusters. See Install Guest Introspection for Windows. For troubleshooting Guest Introspection, see Collecting Guest Introspection Troubleshooting Data.