To protect north-south traffic passing through the Gateway Firewall with the NSX Malware Prevention feature, complete the steps in the workflow below.
Important:
The NSX Malware Prevention feature can function as designed only when your NSX environment is connected to the Internet.
Detection of malware is supported on tier-1 gateways, but not on tier-0 gateways. Prevention of malware on the Gateway Firewall is currently not supported.
Workflow:
- Prepare your NSX environment for NSX Malware Prevention on the Gateway Firewall. This preparation involves the following tasks:
  - Set up NSX Proxy Server for Internet Connectivity.
  - Deploy NSX Application Platform.
  - Activate the NSX Malware Prevention feature on the NSX Application Platform.
  - Activate NSX Malware Prevention on the tier-1 gateways.
  You can complete these preparation tasks by using either the IDS/IPS & Malware Prevention Setup wizard or the IDS/IPS & Malware Prevention Settings page. For more information about using the setup wizard, see Preparing the Data Center for NSX IDS/IPS and NSX Malware Prevention.
- Add a security policy to protect traffic passing through the tier-1 gateways. This step involves the following Policy Management tasks:
  - Add a Malware Prevention profile.
  - Create groups to use as the sources and destinations of the Gateway Firewall rules. Group membership can be static, or it can be defined by membership criteria.
  - Add Gateway Firewall rules on the tier-1 gateways and attach the Malware Prevention profile to the rules.
  - Publish the rules.
  For detailed instructions, see Add Rules for NSX IDS/IPS and NSX Malware Prevention on a Gateway Firewall.
- Monitor and analyze the file events in the NSX Manager UI.
  For detailed instructions, see Monitoring File Events.
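The Policy Management tasks above (profile, groups, tier-1 gateway rules with the profile attached) expressed as NSX Policy API calls. This is an added example, not code from the VMware documentation. It assumes the Policy API paths shown (the malware-prevention-profiles collection path in particular is an assumption to verify against the API reference of your NSX version), a tier-1 gateway with the id t1-web, a VM naming convention of web-*, and the group, profile and policy names used here. The payloads are built offline; nothing is sent unless apply() is called with an NSX Manager URL and credentials.

```python
import base64
import json
import ssl
import urllib.request

API_PREFIX = "/policy/api/v1"   # URL prefix of the NSX Policy API
INFRA = "/infra"                # prefix of policy object paths referenced inside payloads
DOMAIN = f"{INFRA}/domains/default"
MP_PROFILES = f"{INFRA}/malware-prevention-profiles"   # assumed collection path; verify


def dynamic_group(display_name, vm_name_prefix):
    """Group defined by membership criteria: VMs whose name starts with a prefix."""
    return {
        "display_name": display_name,
        "expression": [{
            "resource_type": "Condition",
            "member_type": "VirtualMachine",
            "key": "Name",
            "operator": "STARTSWITH",
            "value": vm_name_prefix,
        }],
    }


def ip_group(display_name, cidrs):
    """Group with static membership given as IP ranges (here: any external address)."""
    return {
        "display_name": display_name,
        "expression": [{"resource_type": "IPAddressExpression", "ip_addresses": list(cidrs)}],
    }


def malware_rule(rule_id, src, dst, gateway_path, profile_path, services=("ANY",)):
    """Gateway firewall rule that allows traffic and attaches the Malware Prevention profile."""
    if not gateway_path.startswith(f"{INFRA}/tier-1s/"):
        # Malware detection is supported on tier-1 gateways only; refuse tier-0 scopes.
        raise ValueError(f"rule scope must be a tier-1 gateway, got {gateway_path}")
    return {
        "id": rule_id,
        "display_name": rule_id,
        "source_groups": [src],
        "destination_groups": [dst],
        "services": list(services),
        "scope": [gateway_path],
        "action": "ALLOW",           # traffic must be allowed for the profile to inspect it
        "profiles": [profile_path],
        "logged": True,
    }


def build_operations(tier1_id, profile_id="mp-default", policy_id="t1-malware-policy"):
    """Ordered (method, path, body) calls: profile, groups, then the gateway policy."""
    tier1_path = f"{INFRA}/tier-1s/{tier1_id}"
    profile_path = f"{MP_PROFILES}/{profile_id}"
    web_path = f"{DOMAIN}/groups/web-servers"
    external_path = f"{DOMAIN}/groups/external"
    return [
        ("PATCH", profile_path, {"display_name": profile_id}),   # profile settings left at defaults
        ("PATCH", web_path, dynamic_group("web-servers", "web-")),
        ("PATCH", external_path, ip_group("external", ["0.0.0.0/0"])),
        ("PATCH", f"{DOMAIN}/gateway-policies/{policy_id}", {
            "display_name": policy_id,
            "category": "LocalGatewayRules",
            "rules": [
                malware_rule("inbound-from-external", external_path, web_path, tier1_path, profile_path),
                malware_rule("outbound-to-external", web_path, external_path, tier1_path, profile_path),
            ],
        }),
    ]


def apply(manager_url, username, password, ops, verify_tls=True):
    """Send the calls to NSX Manager. The API applies each PATCH immediately;
    there is no separate publish step as in the UI."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    ctx = ssl.create_default_context()
    if not verify_tls:                       # lab use only: disables certificate checks
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    results = []
    for method, path, body in ops:
        req = urllib.request.Request(
            manager_url.rstrip("/") + API_PREFIX + path,
            data=json.dumps(body).encode(),
            method=method,
            headers={"Authorization": f"Basic {token}", "Content-Type": "application/json"},
        )
        with urllib.request.urlopen(req, context=ctx) as resp:
            results.append((path, resp.status))
    return results


if __name__ == "__main__":
    for method, path, body in build_operations("t1-web"):
        print(method, API_PREFIX + path)
        print(json.dumps(body, indent=2))
```

The tier-1 check in malware_rule mirrors the note at the top of this page: a rule scoped to a tier-0 gateway would be accepted by the API but would not detect malware. Because the Policy API commits each PATCH as it is received, the "Publish the rules" step of the UI workflow has no API equivalent; review the generated payloads before calling apply().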