NSX environment must meet specific license and software requirements to use NSX IDS/IPS and NSX Malware Prevention features.
Requirements for NSX Intrusion Detection and Prevention Service
- License Requirements
-
For NSX Intrusion Detection and Prevention Service, the Threat Prevention license is required. To read more about NSX security licenses, see the Security Licenses section in License Types.
Requirements for NSX Malware Prevention
- License Requirements
-
For NSX Malware Prevention feature, the Advanced Threat Prevention license is required.
For example:- NSX Distributed Firewall with Advanced Threat Prevention license
- NSX Gateway Firewall with Advanced Threat Prevention license
To read more about NSX security licenses, see the Security Licenses section in License Types.
- Prerequisites
-
The following prerequisites are common to both Distributed NSX Malware Prevention and Gateway NSX Malware Prevention:
- NSX Application Platform must be deployed and NSX Malware Prevention feature must be activated on the platform.
- Internet access is required even when files are not sent to the cloud for a detailed analysis. For more information, see the Notes section after this bulleted list.
- NSX Manager nodes and vSphere hosts must have connectivity to the NSX Application Platform for NSX Malware Prevention to function properly.
- Minimum supported vSphere version is 6.7
- Minimum supported VMware Tools version is 11.2.5
- Notes (IP Access to External Sites)
-
NSX Malware Prevention feature requires Internet access to download the latest signatures and to send files for cloud analysis. The following communication is done on HTTPS:
- From NSX Application Platform (K8s worker IP address) or HTTP proxy if the platform is configured with proxy.
- To NSX Advanced Threat Prevention cloud service:
- nsx.lastline.com
- nsx.west.us.lastline.com if you selected "Malware Cloud Region = United States" during installation
- nsx.nl.emea.lastline.com if you selected “Malware Cloud Region = European Union” during installation
- nsx.southeast.au.lastline.com if you selected "Malware Cloud Region = Australia" during installation
The following prerequisites apply only to Distributed NSX Malware Prevention:- Windows VMs must have VMware Tools with NSX File Introspection driver.
- Linux VMs must have the File Introspection driver for Linux.
- On each vSphere host, service virtual machine (SVM) deployment requires following reources:
- 4 vCPU
- 6 GB RAM
- 80 GB Disk space
- Web server is required to deploy the SVM.
- vSphere host clusters must be configured with a transport node profile.
The following prerequisite applies only to Gateway NSX Malware Prevention:- NSX Edge VMs must be deployed with Extra Large form factor, or use bare metal edge nodes.
Note:- In NSX 4.0, NSX Malware Prevention is not supported on bare metal edge nodes. Starting in NSX 4.0.1.1, this feature is supported on bare metal edge nodes.
- NSX Malware Prevention feature is not supported on Public Cloud Gateways.