The following tables outline specific functions available by edition. VMware NSX is available as a single download image with license keys required to enable specific functionality.

Table 1. Distributed Security

Distributed Security

NSX Professional

NSX Advanced

NSX Enterprise Plus

NSX for Remote Office Branch Office

NSX Distributed Firewall

NSX Distributed Firewall with Threat Prevention

NSX Distributed Firewall with Advanced Threat Prevention

NSX Firewall for Baremetal Servers

NSX Gateway Firewall

NSX Gateway Firewall with Threat Prevention

NSX Gateway Firewall with Advanced Threat Prevention

Distributed Firewall for NSX Switch Ports

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

No

No

Distributed Firewall for VDS Switch Ports

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

No

No

No

Stateful L2 and L3 Rules

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

No

No

Stateless L2 and L3 Rules

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

No

No

Distributed FQDN Filtering

No

Yes

Yes

No

Yes

Yes

Yes

No

No

No

No

Basic L7 Application Identification Rules

No

Yes

Yes

Yes

Yes

Yes

Yes

No

No

No

No

Advanced L7 Application Identification Rules

No

No

No

No

Yes

Yes

Yes

No

No

No

No

Malicious IP Filtering

Yes - Subscription Only

Yes - Subscription Only

Yes - Subscription Only

No

Yes

Yes

Yes

No

No

No

No

Distributed Flood Protection

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

No

No

No

Agent-Based Enforcement for Physical Servers

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

No

No

Stateful L2 and L3 Rules with DPU Support

No

No

Yes - Subscription Only

No

No

No

Yes

No

No

No

No

Stateless L2 and L3 Rules with DPU Support

No

No

Yes- Subscription Only

No

No

No

Yes

No

No

No

No

Table 2. Distributed User Identity Firewall

Distributed User Identity Firewall

NSX Professional

NSX Advanced

NSX Enterprise Plus

NSX for Remote Office Branch Office

NSX Distributed Firewall

NSX Distributed Firewall with Threat Prevention

NSX Distributed Firewall with Advanced Threat Prevention

NSX Firewall for Baremetal Servers

NSX Gateway Firewall

NSX Gateway Firewall with Threat Prevention

NSX Gateway Firewall with Advanced Threat Prevention

Distributed Identity Firewall using Guest Introspection

No

Yes

Yes

No

Yes

Yes

Yes

No

No

No

No

Distributed Identity Firewall using Active Directory Event Server

No

Yes

Yes

No

Yes

Yes

Yes

No

No

No

No

Distributed Identity Firewall using third-party log sources

No

No

No

No

Yes

Yes

Yes

No

Yes

Yes

Yes

Table 3. Distributed Threat Prevention

Distributed Threat Prevention

NSX Professional

NSX Advanced

NSX Enterprise Plus

NSX for Remote Office Branch Office

NSX Distributed Firewall

NSX Distributed Firewall with Threat Prevention

NSX Distributed Firewall with Advanced Threat Prevention

NSX Firewall for Baremetal Servers

NSX Gateway Firewall

NSX Gateway Firewall with Threat Prevention

NSX Gateway Firewall with Advanced Threat Prevention

Distributed Intrusion Detection Service (IDS)

No

No

No

No

No

Yes

Yes

No

No

No

No

Distributed Behavioral IDS

No

No

No

No

No

Yes

Yes

No

No

No

No

Distributed Intrusion Prevention Service (IPS)

No

No

No

No

No

Yes

Yes

No

No

No

No

Table 4. Distributed Advanced Threat Prevention

Distributed Advanced Threat Prevention

NSX Professional

NSX Advanced

NSX Enterprise Plus

NSX for Remote Office Branch Office

NSX Distributed Firewall

NSX Distributed Firewall with Threat Prevention

NSX Distributed Firewall with Advanced Threat Prevention

NSX Firewall for Baremetal Servers

NSX Gateway Firewall

NSX Gateway Firewall with Threat Prevention

NSX Gateway Firewall with Advanced Threat Prevention

Distributed Malware Detection and Prevention

No

No

No

No

No

No

Yes

No

No

No

No

Cloud Sandboxing and Artifact Analysis

No

No

No

No

No

No

Yes

No

No

No

No

Distributed IDS Event Forwarding to NDR

No

No

No

No

No

Yes

Yes

No

No

No

No

Network Detection and Response (NDR)

No

No

No

No

No

No

Yes

No

No

No

No

Table 5. Service Insertion Integrations

Distributed Service Insertion Integrations

NSX Professional

NSX Advanced

NSX Enterprise Plus

NSX for Remote Office Branch Office

NSX Distributed Firewall

NSX Distributed Firewall with Threat Prevention

NSX Distributed Firewall with Advanced Threat Prevention

NSX Firewall for Baremetal Servers

NSX Gateway Firewall

NSX Gateway Firewall with Threat Prevention

NSX Gateway Firewall with Advanced Threat Prevention

Distributed Endpoint Protection

Yes

Yes

Yes

No

No

No

No

No

No

No

No

Distributed Network Introspection

No

Yes

Yes

No

No

No

No

No

No

No

No

Table 6. Policy, Tagging and Grouping

Policy, Tagging and Grouping

NSX Professional

NSX Advanced

NSX Enterprise Plus

NSX for Remote Office Branch Office

NSX Distributed Firewall

NSX Distributed Firewall with Threat Prevention

NSX Distributed Firewall with Advanced Threat Prevention

NSX Firewall for Baremetal Servers

NSX Gateway Firewall

NSX Gateway Firewall with Threat Prevention

NSX Gateway Firewall with Advanced Threat Prevention

Object Tagging / Security Tags

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Network Centric Grouping

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Workload Centric Grouping

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

IP Based Groups

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

MAC Based Groups

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Tag Based Rules

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Table 7. Firewall Operations

Firewall Operations

NSX Professional

NSX Advanced

NSX Enterprise Plus

NSX for Remote Office Branch Office

NSX Distributed Firewall

NSX Distributed Firewall with Threat Prevention

NSX Distributed Firewall with Advanced Threat Prevention

NSX Firewall for Baremetal Servers

NSX Gateway Firewall

NSX Gateway Firewall with Threat Prevention

NSX Gateway Firewall with Advanced Threat Prevention

Firewall Logging

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Distributed Firewall based IPFIX

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

No

No

Rule Hit Count, Popularity Index, Flow Statistics

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Firewall Drafts

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Table 8. Gateway Security

Gateway Security

NSX Professional

NSX Advanced

NSX Enterprise Plus

NSX for Remote Office Branch Office

NSX Distributed Firewall

NSX Distributed Firewall with Threat Prevention

NSX Distributed Firewall with Advanced Threat Prevention

NSX Firewall for Baremetal Servers

NSX Gateway Firewall

NSX Gateway Firewall with Threat Prevention

NSX Gateway Firewall with Advanced Threat Prevention

Stateful L3 Rules

Yes

Yes

Yes

Yes

No

No

No

No

Yes

Yes

Yes

Stateless L3 Rules

Yes

Yes

Yes

Yes

No

No

No

No

Yes

Yes

Yes

Basic L7 Application Identification Rules

Yes

Yes

Yes

Yes

No

No

No

No

Yes

Yes

Yes

Advanced L7 Application Identification Rules

No

No

No

No

No

No

No

No

Yes

Yes

Yes

URL Filtering

No

No

No

No

No

No

No

No

Yes

Yes

Yes

Gateway Flood Protection

Yes

Yes

Yes

Yes

No

No

No

No

Yes

Yes

Yes

Table 9. Gateway User Identity Firewall

Gateway User Identity Firewall

NSX Professional

NSX Advanced

NSX Enterprise Plus

NSX for Remote Office Branch Office

NSX Distributed Firewall

NSX Distributed Firewall with Threat Prevention

NSX Distributed Firewall with Advanced Threat Prevention

NSX Firewall for Baremetal Servers

NSX Gateway Firewall

NSX Gateway Firewall with Threat Prevention

NSX Gateway Firewall with Advanced Threat Prevention

Gateway Identity Firewall using Active Directory Event Server

No

No

No

No

No

No

No

No

Yes

Yes

Yes

Gateway Identity Firewall using third-party log sources

No

No

No

No

No

No

No

No

Yes

Yes

Yes

Table 10. Gateway Threat Prevention

Gateway Threat Prevention

NSX Professional

NSX Advanced

NSX Enterprise Plus

NSX for Remote Office Branch Office

NSX Distributed Firewall

NSX Distributed Firewall with Threat Prevention

NSX Distributed Firewall with Advanced Threat Prevention

NSX Firewall for Baremetal Servers

NSX Gateway Firewall

NSX Gateway Firewall with Threat Prevention

NSX Gateway Firewall with Advanced Threat Prevention

Gateway TLS Inspection

No

No

No

No

No

No

No

No

Yes

Yes

Yes

Gateway Intrusion Detection Service (IDS) - Behavioral

No

No

No

No

No

No

No

No

No

Yes

Yes

Gateway Intrusion Prevention Service (IPS)

No

No

No

No

No

No

No

No

No

Yes

Yes

Table 11. Gateway Advanced Threat Prevention

Gateway Advanced Threat Prevention

NSX Professional

NSX Advanced

NSX Enterprise Plus

NSX for Remote Office Branch Office

NSX Distributed Firewall

NSX Distributed Firewall with Threat Prevention

NSX Distributed Firewall with Advanced Threat Prevention

NSX Firewall for Baremetal Servers

NSX Gateway Firewall

NSX Gateway Firewall with Threat Prevention

NSX Gateway Firewall with Advanced Threat Prevention

Malware Detection

No

No

No

No

No

No

No

No

No

No

Yes

Cloud Sandboxing and Artifact Analysis

No

No

No

No

No

No

No

No

No

No

Yes

Malware / File Event Forwarding to NDR

No

No

No

No

No

No

No

No

No

No

Yes

Table 12. Gateway Service Insertion Integrations

Gateway Service Insertion Integrations

NSX Professional

NSX Advanced

NSX Enterprise Plus

NSX for Remote Office Branch Office

NSX Distributed Firewall

NSX Distributed Firewall with Threat Prevention

NSX Distributed Firewall with Advanced Threat Prevention

NSX Firewall for Baremetal Servers

NSX Gateway Firewall

NSX Gateway Firewall with Threat Prevention

NSX Gateway Firewall with Advanced Threat Prevention

Gateway Network Introspection

Yes

Yes

Yes

Yes

No

No

No

No

No

No

No

Table 13. Gateway Firewall High Availability

Gateway Firewall High Availability

NSX Professional

NSX Advanced

NSX Enterprise Plus

NSX for Remote Office Branch Office

NSX Distributed Firewall

NSX Distributed Firewall with Threat Prevention

NSX Distributed Firewall with Advanced Threat Prevention

NSX Firewall for Baremetal Servers

NSX Gateway Firewall

NSX Gateway Firewall with Threat Prevention

NSX Gateway Firewall with Advanced Threat Prevention

Active/Standby Gateway Firewall Services

Yes

Yes

Yes

Yes

No

No

No

No

Yes

Yes

Yes

Active/Active Gateway Firewall Services

No

No

Yes

No

No

No

No

No

Yes

Yes

Yes

Table 14. NAT

NAT

NSX Professional

NSX Advanced

NSX Enterprise Plus

NSX for Remote Office Branch Office

NSX Distributed Firewall

NSX Distributed Firewall with Threat Prevention

NSX Distributed Firewall with Advanced Threat Prevention

NSX Firewall for Baremetal Servers

NSX Gateway Firewall

NSX Gateway Firewall with Threat Prevention

NSX Gateway Firewall with Advanced Threat Prevention

NAT on North/South and East/West Logical Routers

Yes

Yes

Yes

Yes

No

No

No

No

Yes

Yes

Yes

Source NAT

Yes

Yes

Yes

Yes

No

No

No

No

Yes

Yes

Yes

Destination NAT

Yes

Yes

Yes

Yes

No

No

No

No

Yes

Yes

Yes

NAT N:N

Yes

Yes

Yes

Yes

No

No

No

No

Yes

Yes

Yes

Stateless NAT

Yes

Yes

Yes

Yes

No

No

No

No

Yes

Yes

Yes

NAT Logging

Yes

Yes

Yes

Yes

No

No

No

No

Yes

Yes

Yes

NAT64

No

Yes

Yes

No

No

No

No

No

Yes

Yes

Yes

Active / Active NAT Services

No

No

Yes

No

No

No

No

No

Yes

Yes

Yes

Table 15. VPN

VPN

NSX Professional

NSX Advanced

NSX Enterprise Plus

NSX for Remote Office Branch Office

NSX Distributed Firewall

NSX Distributed Firewall with Threat Prevention

NSX Distributed Firewall with Advanced Threat Prevention

NSX Firewall for Baremetal Servers

NSX Gateway Firewall

NSX Gateway Firewall with Threat Prevention

NSX Gateway Firewall with Advanced Threat Prevention

L2 VPN

Yes

Yes

Yes

Yes

No

No

No

No

Yes

Yes

Yes

IPv4 L3 VPN

Yes

Yes

Yes

Yes

No

No

No

No

Yes

Yes

Yes

IPv6 L3 VPN

No

Yes

Yes

No

No

No

No

No

Yes

Yes

Yes

Table 16. Switching

Switching

NSX Professional

NSX Advanced

NSX Enterprise Plus

NSX for Remote Office Branch Office

NSX Distributed Firewall

NSX Distributed Firewall with Threat Prevention

NSX Distributed Firewall with Advanced Threat Prevention

NSX Firewall for Baremetal Servers

NSX Gateway Firewall

NSX Gateway Firewall with Threat Prevention

NSX Gateway Firewall with Advanced Threat Prevention

vSphere Distributed Switch

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

No

No

VLAN Backed Logical Switching

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Overlay Backed Logical Switching

Yes

Yes

Yes

No

No

No

No

No

Yes

Yes

Yes

Multiple TEP Support

Yes

Yes

Yes

No

No

No

No

No

Yes

Yes

Yes

Spoofguard

Yes

Yes

Yes

No

Yes

Yes

Yes

Yes

No

No

No

LACP (Edge and Host)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

L2 Multicast

Yes

Yes

Yes

No

No

No

No

No

Yes

Yes

Yes

L3 Multicast

No

Yes

Yes

No

No

No

No

No

Yes

Yes

Yes

Enhanced Datapath - Standard

No

Yes

Yes

No

No

No

No

No

No

No

No

Enhanced Datapath - Performance

No

Yes

Yes

No

No

No

No

No

No

No

No

Enhanced Datapath - Standard for DPUs8

No

Yes - Subscription Only

Yes - Subscription Only

No

No

No

No

No

No

No

No

Enhanced Datapath - Performance for DPUs

No

No

Yes - Subscription Only

No

No

No

No

No

No

No

No

Uniform Passthrough for DPUs

No

No

Yes - Subscription Only

No

No

No

No

No

No

No

No

Table 17. Quality of Service (QoS)

Quality of Service (QoS)

NSX Professional

NSX Advanced

NSX Enterprise Plus

NSX for Remote Office Branch Office

NSX Distributed Firewall

NSX Distributed Firewall with Threat Prevention

NSX Distributed Firewall with Advanced Threat Prevention

NSX Firewall for Baremetal Servers

NSX Gateway Firewall

NSX Gateway Firewall with Threat Prevention

NSX Gateway Firewall with Advanced Threat Prevention

QoS Marking

Yes

Yes

Yes

No

No

No

No

No

No

No

No

QoS DSCP Trust Boundary

Yes

Yes

Yes

No

No

No

No

No

No

No

No

QoS Rate-Limit Northbound Traffic on Tier-1 Gateway

No

Yes

Yes

No

No

No

No

No

No

No

No

Table 18. L2 Bridging to Physical Environment

L2 Bridging to Physical Environment

NSX Professional

NSX Advanced

NSX Enterprise Plus

NSX for Remote Office Branch Office

NSX Distributed Firewall

NSX Distributed Firewall with Threat Prevention

NSX Distributed Firewall with Advanced Threat Prevention

NSX Firewall for Baremetal Servers

NSX Gateway Firewall

NSX Gateway Firewall with Threat Prevention

NSX Gateway Firewall with Advanced Threat Prevention

Software Based L2 Bridge to Physical Environments

Yes

Yes

Yes

No

No

No

No

No

Yes

Yes

Yes

Table 19. Routing

Routing

NSX Professional

NSX Advanced

NSX Enterprise Plus

NSX for Remote Office Branch Office

NSX Distributed Firewall

NSX Distributed Firewall with Threat Prevention

NSX Distributed Firewall with Advanced Threat Prevention

NSX Firewall for Baremetal Servers

NSX Gateway Firewall

NSX Gateway Firewall with Threat Prevention

NSX Gateway Firewall with Advanced Threat Prevention

Distributed Routing

Yes

Yes

Yes

No

No

No

No

No

No

No

No

Multi-Tier Routing

Yes

Yes

Yes

No

No

No

No

No

Yes

Yes

Yes

Active / Active Dynamic Routing with ECMP

Yes

Yes

Yes

No

No

No

No

No

Yes

Yes

Yes

Active / Standby Redundancy for Routing

Yes

Yes

Yes

No

No

No

No

No

Yes

Yes

Yes

Virtual Routing and Forwarding (Tier-0 Gateway VRFs)

No

Yes

Yes

No

No

No

No

No

Yes

Yes

Yes

EVPN

No

No

Yes

No

No

No

No

No

Yes

Yes

Yes

OSPF v2

Yes

Yes

Yes

No

No

No

No

No

Yes

Yes

Yes

Table 20. Static Routing - IPv4

Static Routing - IPv4

NSX Professional

NSX Advanced

NSX Enterprise Plus

NSX for Remote Office Branch Office

NSX Distributed Firewall

NSX Distributed Firewall with Threat Prevention

NSX Distributed Firewall with Advanced Threat Prevention

NSX Firewall for Baremetal Servers

NSX Gateway Firewall

NSX Gateway Firewall with Threat Prevention

NSX Gateway Firewall with Advanced Threat Prevention

Static Routing

Yes

Yes

Yes

Yes

No

No

No

No

Yes

Yes

Yes

BFD

Yes

Yes

Yes

Yes

No

No

No

No

Yes

Yes

Yes

Null Routes

Yes

Yes

Yes

Yes

No

No

No

No

Yes

Yes

Yes

Device Routes

Yes

Yes

Yes

Yes

No

No

No

No

Yes

Yes

Yes

Table 21. Static Routing - IPv6

Static Routing - IPv6

NSX Professional

NSX Advanced

NSX Enterprise Plus

NSX for Remote Office Branch Office

NSX Distributed Firewall

NSX Distributed Firewall with Threat Prevention

NSX Distributed Firewall with Advanced Threat Prevention

NSX Firewall for Baremetal Servers

NSX Gateway Firewall

NSX Gateway Firewall with Threat Prevention

NSX Gateway Firewall with Advanced Threat Prevention

Static Routing

Yes

Yes

Yes

No

No

No

No

No

Yes

Yes

Yes

BFD

Yes

Yes

Yes

No

No

No

No

No

Yes

Yes

Yes

Null Routes

Yes

Yes

Yes

No

No

No

No

No

Yes

Yes

Yes

Device Routes

Yes

Yes

Yes

No

No

No

No

No

Yes

Yes

Yes

Table 22. BGP - IPv4 Unicast

BGP - IPv4 Unicast

NSX Professional

NSX Advanced

NSX Enterprise Plus

NSX for Remote Office Branch Office

NSX Distributed Firewall

NSX Distributed Firewall with Threat Prevention

NSX Distributed Firewall with Advanced Threat Prevention

NSX Firewall for Baremetal Servers

NSX Gateway Firewall

NSX Gateway Firewall with Threat Prevention

NSX Gateway Firewall with Advanced Threat Prevention

eBGP

Yes

Yes

Yes

No

No

No

No

No

Yes

Yes

Yes

eBGP Multihop

Yes

Yes

Yes

No

No

No

No

No

Yes

Yes

Yes

iBGP

Yes

Yes

Yes

No

No

No

No

No

Yes

Yes

Yes

Graceful Restart

Yes

Yes

Yes

No

No

No

No

No

Yes

Yes

Yes

4-byte ASN

Yes

Yes

Yes

No

No

No

No

No

Yes

Yes

Yes

BFD

Yes

Yes

Yes

No

No

No

No

No

Yes

Yes

Yes

Table 23. BGP - IPv6 Unicast

BGP - IPv6 Unicast

NSX Professional

NSX Advanced

NSX Enterprise Plus

NSX for Remote Office Branch Office

NSX Distributed Firewall

NSX Distributed Firewall with Threat Prevention

NSX Distributed Firewall with Advanced Threat Prevention

NSX Firewall for Baremetal Servers

NSX Gateway Firewall

NSX Gateway Firewall with Threat Prevention

NSX Gateway Firewall with Advanced Threat Prevention

eBGP

No

Yes

Yes

No

No

No

No

No

Yes

Yes

Yes

eBGP Multihop

No

Yes

Yes

No

No

No

No

No

Yes

Yes

Yes

iBGP

No

Yes

Yes

No

No

No

No

No

Yes

Yes

Yes

Graceful Restart

No

Yes

Yes

No

No

No

No

No

Yes

Yes

Yes

4-byte ASN

No

Yes

Yes

No

No

No

No

No

Yes

Yes

Yes

BFD

No

Yes

Yes

No

No

No

No

No

Yes

Yes

Yes

Table 24. Route Maps

Route Maps

NSX Professional

NSX Advanced

NSX Enterprise Plus

NSX for Remote Office Branch Office

NSX Distributed Firewall

NSX Distributed Firewall with Threat Prevention

NSX Distributed Firewall with Advanced Threat Prevention

NSX Firewall for Baremetal Servers

NSX Gateway Firewall

NSX Gateway Firewall with Threat Prevention

NSX Gateway Firewall with Advanced Threat Prevention

Match on Prefix-List and Community-List

Yes

Yes

Yes

No

No

No

No

No

Yes

Yes

Yes

Set Weight, MED, AS Path, Prepending, Local Preference, and Community

Yes

Yes

Yes

No

No

No

No

No

Yes

Yes

Yes

Table 25. Other

Other Routing

NSX Professional

NSX Advanced

NSX Enterprise Plus

NSX for Remote Office Branch Office

NSX Distributed Firewall

NSX Distributed Firewall with Threat Prevention

NSX Distributed Firewall with Advanced Threat Prevention

NSX Firewall for Baremetal Servers

NSX Gateway Firewall

NSX Gateway Firewall with Threat Prevention

NSX Gateway Firewall with Advanced Threat Prevention

High Availability Virtual IP (HA VIP)

Yes

Yes

Yes

No

No

No

No

No

Yes

Yes

Yes

Route Redistribution

Yes

Yes

Yes

No

No

No

No

No

Yes

Yes

Yes

IP Prefix-Lists

Yes

Yes

Yes

No

No

No

No

No

Yes

Yes

Yes

Per Interface RPF Check

Yes

Yes

Yes

No

No

No

No

No

Yes

Yes

Yes

Table 26. DNS, DHCP and IPAM (DDI)

DNS, DHCP and IPAM (DDI)

NSX Professional

NSX Advanced

NSX Enterprise Plus

NSX for Remote Office Branch Office

NSX Distributed Firewall

NSX Distributed Firewall with Threat Prevention

NSX Distributed Firewall with Advanced Threat Prevention

NSX Firewall for Baremetal Servers

NSX Gateway Firewall

NSX Gateway Firewall with Threat Prevention

NSX Gateway Firewall with Advanced Threat Prevention

IPAM

Yes

Yes

Yes

Yes

No

No

No

No

Yes

Yes

Yes

IP Blocks

Yes

Yes

Yes

Yes

No

No

No

No

Yes

Yes

Yes

IP Subnets

Yes

Yes

Yes

Yes

No

No

No

No

Yes

Yes

Yes

IP Pools

Yes

Yes

Yes

Yes

No

No

No

No

Yes

Yes

Yes

IPv4 DHCP Server

Yes

Yes

Yes

Yes

No

No

No

No

Yes

Yes

Yes

IPv6 DHCP Server

No

Yes

Yes

No

No

No

No

No

Yes

Yes

Yes

IPv4 DHCP Relay

Yes

Yes

Yes

Yes

No

No

No

No

Yes

Yes

Yes

IPv6 DHCP Relay

No

Yes

Yes

No

No

No

No

No

Yes

Yes

Yes

IPv4 DHCP Static Bindings / Fixed Addresses

Yes

Yes

Yes

Yes

No

No

No

No

Yes

Yes

Yes

IPv6 DHCP Static Bindings / Fixed Addresses

No

Yes

Yes

No

No

No

No

No

Yes

Yes

Yes

IPv4 DNS Relay / DNS Proxy

Yes

Yes

Yes

Yes

No

No

No

No

Yes

Yes

Yes

Table 27. Load Balancing6

Load Balancing

NSX Professional

NSX Advanced

NSX Enterprise Plus

NSX for Remote Office Branch Office

NSX Distributed Firewall

NSX Distributed Firewall with Threat Prevention

NSX Distributed Firewall with Advanced Threat Prevention

NSX Firewall for Baremetal Servers

NSX Gateway Firewall

NSX Gateway Firewall with Threat Prevention

NSX Gateway Firewall with Advanced Threat Prevention

Protocols

TCP (L4-L7)

No

Yes

Yes

Yes

No

No

No

No

No

No

No

UDP

No

Yes

Yes

Yes

No

No

No

No

No

No

No

HTTP

No

Yes

Yes

Yes

No

No

No

No

No

No

No

Load Balancing Methods

Round Robin

No

Yes

Yes

Yes

No

No

No

No

No

No

No

Source IP Hash

No

Yes

Yes

Yes

No

No

No

No

No

No

No

Least Connections

No

Yes

Yes

Yes

No

No

No

No

No

No

No

L7 Application Rules with RegEx Support

No

Yes

Yes

Yes

No

No

No

No

No

No

No

Heath Checks

TCP

No

Yes

Yes

Yes

No

No

No

No

No

No

No

ICMP

No

Yes

Yes

Yes

No

No

No

No

No

No

No

UDP

No

Yes

Yes

Yes

No

No

No

No

No

No

No

HTTP

No

Yes

Yes

Yes

No

No

No

No

No

No

No

HTTPS

No

Yes

Yes

Yes

No

No

No

No

No

No

No

Monitoring

View VIP / Pool / Server Objects

No

Yes

Yes

Yes

No

No

No

No

No

No

No

View VIP / Pool / Server Statistics

No

Yes

Yes

Yes

No

No

No

No

No

No

No

View Global Statistics VIP Sessions

No

Yes

Yes

Yes

No

No

No

No

No

No

No

Load Balancing Automation

Pool Members Based on vCenter Context or IP Addresses

No

Yes

Yes

Yes

No

No

No

No

No

No

No

Other

Connection Throttling

No

Yes

Yes

Yes

No

No

No

No

No

No

No

High-Availability

No

Yes

Yes

Yes

No

No

No

No

No

No

No

Table 28. Modern Apps

Modern Apps

NSX Professional

NSX Advanced

NSX Enterprise Plus

NSX for Remote Office Branch Office

NSX Distributed Firewall

NSX Distributed Firewall with Threat Prevention

NSX Distributed Firewall with Advanced Threat Prevention

NSX Firewall for Baremetal Servers

NSX Gateway Firewall

NSX Gateway Firewall with Threat Prevention

NSX Gateway Firewall with Advanced Threat Prevention

Container Networking and Security

No

Yes

Yes

No

No

No

No

No

No

No

No

VMware Container Networking with Project Antrea Enterprise

No

Yes

Yes

No

No

No

No

No

No

No

No

Distributed Load Balancing

No

Yes

Yes

No

No

No

No

No

No

No

No

Table 29. Automation

Automation

NSX Professional

NSX Advanced

NSX Enterprise Plus

NSX for Remote Office Branch Office

NSX Distributed Firewall

NSX Distributed Firewall with Threat Prevention

NSX Distributed Firewall with Advanced Threat Prevention

NSX Firewall for Baremetal Servers

NSX Gateway Firewall

NSX Gateway Firewall with Threat Prevention

NSX Gateway Firewall with Advanced Threat Prevention

REST API

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Hierarchical Policy API

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

JSON Support

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

OpenAPI / Swagger Spec

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Java SDK

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Python SDK

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Terraform Provider5

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Ansible Modules5

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Integration with Aria Automation1,5

Yes

Yes

Yes

No

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Integration with vCloud Director1,5

Yes

Yes

Yes

No

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Integration with VMware Integrated OpenStack1,5

Yes

Yes

Yes

No

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Table 30. Multi-Tenancy

Multi-Tenancy

NSX Professional

NSX Advanced

NSX Enterprise Plus

NSX for Remote Office Branch Office

NSX Distributed Firewall

NSX Distributed Firewall with Threat Prevention

NSX Distributed Firewall with Advanced Threat Prevention

NSX Firewall for Baremetal Servers

NSX Gateway Firewall

NSX Gateway Firewall with Threat Prevention

NSX Gateway Firewall with Advanced Threat Prevention

Projects (User Defined)

1

1

Configuration Maximum

No

No

No

No

No

No

No

No

NSX VPCs

8

8

Configuration Maximum

No

No

No

No

No

No

No

No

Table 31. Platform

Platform

NSX Professional

NSX Advanced

NSX Enterprise Plus

NSX for Remote Office Branch Office

NSX Distributed Firewall

NSX Distributed Firewall with Threat Prevention

NSX Distributed Firewall with Advanced Threat Prevention

NSX Firewall for Baremetal Servers

NSX Gateway Firewall

NSX Gateway Firewall with Threat Prevention

NSX Gateway Firewall with Advanced Threat Prevention

ESXi Support

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

No

No

No

Manager / Controller Clustering

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

vCenter Integration

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Multi-vCenter® Networking and Security

No

Yes

Yes

No

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Federation

No

No

Yes

No

No

No

No

No

No

No

No

Edge in VM Form Factor

Yes

Yes

Yes

Yes

No

No

No

No

Yes

Yes

Yes

Edge in Bare-Metal Form Factor for Routing

Yes

Yes

Yes

No

No

No

No

No

Yes

Yes

Yes

Edge in Bare-Metal Form Factor for Gateway Firewall

No

No

No

No

No

No

No

No

Yes

Yes

Yes

DPDK Optimized Forwarding

Yes

Yes

Yes

Yes

No

No

No

No

Yes

Yes

Yes

Dual Stack (IPv4/IPv6) External Management

Yes

Yes

Yes

No

No

No

No

No

No

No

No

Table 32. Authentication and Authorization

Authentication and Authorization

NSX Professional

NSX Advanced

NSX Enterprise Plus

NSX for Remote Office Branch Office

NSX Distributed Firewall

NSX Distributed Firewall with Threat Prevention

NSX Distributed Firewall with Advanced Threat Prevention

NSX Firewall for Baremetal Servers

NSX Gateway Firewall

NSX Gateway Firewall with Threat Prevention

NSX Gateway Firewall with Advanced Threat Prevention

Authentication using Workspace ONE Access1,4

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Direct Active Directory Integration via LDAP

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Authentication via OpenLDAP

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Session Based Authentication

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Certificate Based Authentication (Principle Identity)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Role Based Access Control

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Table 33. Log Management

Log Management

NSX Professional

NSX Advanced

NSX Enterprise Plus

NSX for Remote Office Branch Office

NSX Distributed Firewall

NSX Distributed Firewall with Threat Prevention

NSX Distributed Firewall with Advanced Threat Prevention

NSX Firewall for Baremetal Servers

NSX Gateway Firewall

NSX Gateway Firewall with Threat Prevention

NSX Gateway Firewall with Advanced Threat Prevention

Aria Operations for Logs Integration (Plugin)2

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Splunk Integration (Plugin)3

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Table 34. Installation

Installation

NSX Professional

NSX Advanced

NSX Enterprise Plus

NSX for Remote Office Branch Office

NSX Distributed Firewall

NSX Distributed Firewall with Threat Prevention

NSX Distributed Firewall with Advanced Threat Prevention

NSX Firewall for Baremetal Servers

NSX Gateway Firewall

NSX Gateway Firewall with Threat Prevention

NSX Gateway Firewall with Advanced Threat Prevention

Automated Manager Deployment

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Manual Manager Deployment

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Automated Edge Deployment

Yes

Yes

Yes

Yes

No

No

No

No

Yes

Yes

Yes

Manual Edge Deployment

Yes

Yes

Yes

Yes

No

No

No

No

Yes

Yes

Yes

Automated Host Preparation by Cluster

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

No

No

No

Table 35. Operations

Operations

NSX Professional

NSX Advanced

NSX Enterprise Plus

NSX for Remote Office Branch Office

NSX Distributed Firewall

NSX Distributed Firewall with Threat Prevention

NSX Distributed Firewall with Advanced Threat Prevention

NSX Firewall for Baremetal Servers

NSX Gateway Firewall

NSX Gateway Firewall with Threat Prevention

NSX Gateway Firewall with Advanced Threat Prevention

Port Mirroring

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Traceflow

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

NSX Live Traffic Analysis

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Yes

Yes

Yes

Tunnel Health Monitoring

Yes

Yes

Yes

No

No

No

No

Yes

Yes

Yes

Yes

Port Connectivity Tool

Yes

Yes

Yes

No

No

No

No

Yes

Yes

Yes

Yes

Switch Based IPFIX

Yes

Yes

Yes

Yes

Yes

Yes

Yes

No

Yes

Yes

Yes

LLDP

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Linux Only

Yes

Yes

Yes

Automated Technical Support Bundles

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Packet Capture

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Backup and Restore

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

SNMP v1/v2/v3 with Traps

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Time-Series Metrics

No

No

Yes

No

No

No

No

Yes

Yes

Yes

Yes

Table 36. Upgrade and Migration

Upgrade and Migration

NSX Professional

NSX Advanced

NSX Enterprise Plus

NSX for Remote Office Branch Office

NSX Distributed Firewall

NSX Distributed Firewall with Threat Prevention

NSX Distributed Firewall with Advanced Threat Prevention

NSX Firewall for Baremetal Servers

NSX Gateway Firewall

NSX Gateway Firewall with Threat Prevention

NSX Gateway Firewall with Advanced Threat Prevention

Upgrade Coordinator

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

NSX for vSphere to NSX-T Migration Coordinator

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

NSX Manager to Policy Promotion

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Table 37. Included Product Entitlement

Included Product Entitlement

NSX Professional

NSX Advanced

NSX Enterprise Plus

NSX for Remote Office Branch Office

NSX Distributed Firewall

NSX Distributed Firewall with Threat Prevention

NSX Distributed Firewall with Advanced Threat Prevention

NSX Firewall for Baremetal Servers

NSX Gateway Firewall

NSX Gateway Firewall with Threat Prevention

NSX Gateway Firewall with Advanced Threat Prevention

Aria Operations for Logs for NSX (SaaS)

No

No

No

No

No

No

No

No

No

No

No

Aria Operations for Logs for NSX (on-premises)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Aria Operations for Networks Advanced

No

No

Yes

No

No

No

No

No

No

No

No

Aria Operations for Networks Enterprise

No

No

No

No

No

No

No

No

No

No

No

HCX Advanced

No

No

Yes

No

No

No

No

No

No

No

No

HCX Enterprise

No

No

No

No

No

No

No

No

No

No

No

HCX+

No

No

No

No

No

No

No

No

No

No

No

Workspace One Access

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

NSX Advanced Load Balancer Enterprise

No

One (1) Service Unit per 250 NSX CPU Cores. Subscription per core only.

One (1) Service Unit per 250 NSX CPU Cores. Subscription per core only.

No

No

No

No

No

No

No

No

NSX+ Advanced Load Balancer Cloud Services

No

No

No

No

No

No

No

No

No

No

No

Table 38. NSX Intelligence

NSX Intelligence

NSX Professional

NSX Advanced

NSX Enterprise Plus

NSX for Remote Office Branch Office

NSX Distributed Firewall

NSX Distributed Firewall with Threat Prevention

NSX Distributed Firewall with Advanced Threat Prevention

NSX Firewall for Baremetal Servers

NSX Gateway Firewall

NSX Gateway Firewall with Threat Prevention

NSX Gateway Firewall with Advanced Threat Prevention

VM-to-VM Traffic Flow Analysis

No

No

Yes

No

Yes

Yes

Yes

No

No

No

No

Firewall Visibility

No

No

Yes

No

Yes

Yes

Yes

No

No

No

No

Automated Security Policy

No

No

Yes

No

Yes

Yes

Yes

No

No

No

No

Rule and Group Recommendation Analytics

No

No

Yes

No

Yes

Yes

Yes

No

No

No

No

Network Traffic Analytics

No

No

No

No

No

No

Yes

No

No

No

No

Footnotes

  1. Please refer to the VMware Product Interoperability Matrices for specific versions supported with VMware NSX.

  2. VMware Aria Operations for Logs for NSX provides intelligent log analytics for NSX. VMware Aria Operations for Logs version 3.3.2 and accepts NSX edition license keys issued for NSX 1.0.0 and later. This means you will have an enterprise-level VMware Aria Operations for Logs for NSX license for every license of NSX.

  3. Please refer to the NSX partner website for specific versions.

  4. VMware Workspace ONE Access - A license to use VMware NSX includes an entitlement to use the VMware Workspace ONE Access feature, but only for the following functionalities:

    • Directory integration functionality of VMware Workspace ONE Access to authenticate users in a user directory such as Microsoft Active Directory or LDAP.

    • Conditional access policy.

    • Single-sign-on integration functionality with third party Identity providers to allow third party identity providers’ users to single-sign-on into NSX.

    • Two-factor authentication solution through integration with third party systems. VMware Verify, VMware’s multi-factor authentication solution, received as part of VMware Workspace ONE Access may not be used as part of NSX.

    • Single-sign-on functionality to access VMware products that support single-sign-on capabilities.

  5. Integration with automation tools such as VMware Aria Automation, vCloud Director, VMware Integrated OpenStack, Ansible, and Terraform is available for all editions of NSX, however, you must have the appropriate NSX edition for the feature which is automated by these tools. For example automation of load balancing from Terraform or OpenStack requires NSX Advanced, Enterprise Plus, or ROBO.

  6. Both IPv4 and IPv6 are supported for all load balancing features except for IPv6-VIP-to-IPv4-member and IPv4-VIP-to-IPv6-member translations. VMware recommends that customers using NSX load balancing features migrate to NSX Advanced Load Balancer Enterprise (Avi).

  7. Requires VDS 7.0 or higher

  8. Customers who have purchased vSphere Enterprise Plus are also entitled to use the Enhanced Datapath – Standard for DPUs feature. This feature requires the installation of the NSX Manager.