To use the NSX Network Detection and Response feature, you must prepare your NSX environment so that it meets the specific license and software requirements.

License Requirements

You must have one of the following license in effect during your NSX Manager session. The following lists the various NSX licenses that support the NSX Network Detection and Response feature.

Base SKU License

Add-on SKU License

NSX-T Evaluation

None required

NSX Data Center Evaluation

None required

NSX Advanced Threat Prevention

(Only applicable for customers who have previously purchased the license.)

None required

One of the following:

  • NSX Distributed Firewall with Threat Prevention

  • NSX Distributed Firewall

  • NSX Advanced

  • NSX Enterprise Plus

NSX Advanced Threat Prevention for Distributed Firewall

NSX Distributed Firewall with Advanced Threat Prevention

None required

NSX Gateway Firewall with Advanced Threat Prevention

None required

One of the following:

  • NSX Gateway Firewall with Threat Prevention

  • NSX Gateway Firewall

NSX Advanced Threat Prevention for Gateway Firewall

NSX Advanced with Advanced Threat Prevention

None required

NSX Enterprise Plus with Advanced Threat Prevention

None required

Software Requirements

You must also meet the following software requirements before you can start using the NSX Network Detection and Response feature.

  • Install NSX 3.2 or later.

  • Deploy NSX Application Platform. See Deploying and Managing the VMware NSX Application Platform document delivered with NSX 3.2 or later in the VMware NSX Documentation set.
    Note: The versioning of the NSX Network Detection and Response feature that is hosted on the NSX Application Platform matches the NSX Application Platform version, and not the NSX product version number.
Important:

The NSX Network Detection and Response feature can function as designed only when your NSX environment is connected to the Internet. NSX Network Detection and Response is not supported in air-gapped environments when there is no outbound Internet access from the Kubernetes cluster pods and the NSX Unified Appliance.

Required Ports

Ensure that the required ports are open. Specifically, NSX Network Detection and Response requires the outbound TCP port 443 to be open. It uses this port to establish HTTPS connections to the NSX Advanced Threat Prevention cloud service and a limited set of other cloud services used to perform deeper threat analysis.

See the VMware Ports and Protocols webpage for other ports and protocols information.