The following tables outline specific functions available by edition. VMware NSX is available as a single download image with license keys required to enable specific functionality.
Distributed Security |
NSX Professional |
NSX Advanced |
NSX Enterprise Plus |
NSX for Remote Office Branch Office |
NSX Distributed Firewall |
NSX Distributed Firewall with Threat Prevention |
NSX Distributed Firewall with Advanced Threat Prevention |
NSX Firewall for Baremetal Servers |
NSX Gateway Firewall |
NSX Gateway Firewall with Threat Prevention |
NSX Gateway Firewall with Advanced Threat Prevention |
---|---|---|---|---|---|---|---|---|---|---|---|
Distributed Firewall for NSX Switch Ports |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
No |
No |
Distributed Firewall for VDS Switch Ports |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Stateful L2 and L3 Rules |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
No |
No |
Stateless L2 and L3 Rules |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
No |
No |
Distributed FQDN Filtering |
No |
Yes |
Yes |
No |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Basic L7 Application Identification Rules |
No |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Advanced L7 Application Identification Rules |
No |
No |
No |
No |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Malicious IP Filtering |
Yes - Subscription Only |
Yes - Subscription Only |
Yes - Subscription Only |
No |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Distributed Flood Protection |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Agent-Based Enforcement for Physical Servers |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
No |
No |
Stateful L2 and L3 Rules with DPU Support |
No |
No |
Yes - Subscription Only |
No |
No |
No |
Yes |
No |
No |
No |
No |
Stateless L2 and L3 Rules with DPU Support |
No |
No |
Yes- Subscription Only |
No |
No |
No |
Yes |
No |
No |
No |
No |
Distributed User Identity Firewall |
NSX Professional |
NSX Advanced |
NSX Enterprise Plus |
NSX for Remote Office Branch Office |
NSX Distributed Firewall |
NSX Distributed Firewall with Threat Prevention |
NSX Distributed Firewall with Advanced Threat Prevention |
NSX Firewall for Baremetal Servers |
NSX Gateway Firewall |
NSX Gateway Firewall with Threat Prevention |
NSX Gateway Firewall with Advanced Threat Prevention |
---|---|---|---|---|---|---|---|---|---|---|---|
Distributed Identity Firewall using Guest Introspection |
No |
Yes |
Yes |
No |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Distributed Identity Firewall using Active Directory Event Server |
No |
Yes |
Yes |
No |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Distributed Identity Firewall using third-party log sources |
No |
No |
No |
No |
Yes |
Yes |
Yes |
No |
Yes |
Yes |
Yes |
Distributed Threat Prevention |
NSX Professional |
NSX Advanced |
NSX Enterprise Plus |
NSX for Remote Office Branch Office |
NSX Distributed Firewall |
NSX Distributed Firewall with Threat Prevention |
NSX Distributed Firewall with Advanced Threat Prevention |
NSX Firewall for Baremetal Servers |
NSX Gateway Firewall |
NSX Gateway Firewall with Threat Prevention |
NSX Gateway Firewall with Advanced Threat Prevention |
---|---|---|---|---|---|---|---|---|---|---|---|
Distributed Intrusion Detection Service (IDS) |
No |
No |
No |
No |
No |
Yes |
Yes |
No |
No |
No |
No |
Distributed Behavioral IDS |
No |
No |
No |
No |
No |
Yes |
Yes |
No |
No |
No |
No |
Distributed Intrusion Prevention Service (IPS) |
No |
No |
No |
No |
No |
Yes |
Yes |
No |
No |
No |
No |
Distributed Advanced Threat Prevention |
NSX Professional |
NSX Advanced |
NSX Enterprise Plus |
NSX for Remote Office Branch Office |
NSX Distributed Firewall |
NSX Distributed Firewall with Threat Prevention |
NSX Distributed Firewall with Advanced Threat Prevention |
NSX Firewall for Baremetal Servers |
NSX Gateway Firewall |
NSX Gateway Firewall with Threat Prevention |
NSX Gateway Firewall with Advanced Threat Prevention |
---|---|---|---|---|---|---|---|---|---|---|---|
Distributed Malware Detection and Prevention |
No |
No |
No |
No |
No |
No |
Yes |
No |
No |
No |
No |
Cloud Sandboxing and Artifact Analysis |
No |
No |
No |
No |
No |
No |
Yes |
No |
No |
No |
No |
Distributed IDS Event Forwarding to NDR |
No |
No |
No |
No |
No |
Yes |
Yes |
No |
No |
No |
No |
Network Detection and Response (NDR) |
No |
No |
No |
No |
No |
No |
Yes |
No |
No |
No |
No |
Distributed Service Insertion Integrations |
NSX Professional |
NSX Advanced |
NSX Enterprise Plus |
NSX for Remote Office Branch Office |
NSX Distributed Firewall |
NSX Distributed Firewall with Threat Prevention |
NSX Distributed Firewall with Advanced Threat Prevention |
NSX Firewall for Baremetal Servers |
NSX Gateway Firewall |
NSX Gateway Firewall with Threat Prevention |
NSX Gateway Firewall with Advanced Threat Prevention |
---|---|---|---|---|---|---|---|---|---|---|---|
Distributed Endpoint Protection |
Yes |
Yes |
Yes |
No |
No |
No |
No |
No |
No |
No |
No |
Distributed Network Introspection |
No |
Yes |
Yes |
No |
No |
No |
No |
No |
No |
No |
No |
Policy, Tagging and Grouping |
NSX Professional |
NSX Advanced |
NSX Enterprise Plus |
NSX for Remote Office Branch Office |
NSX Distributed Firewall |
NSX Distributed Firewall with Threat Prevention |
NSX Distributed Firewall with Advanced Threat Prevention |
NSX Firewall for Baremetal Servers |
NSX Gateway Firewall |
NSX Gateway Firewall with Threat Prevention |
NSX Gateway Firewall with Advanced Threat Prevention |
---|---|---|---|---|---|---|---|---|---|---|---|
Object Tagging / Security Tags |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Network Centric Grouping |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Workload Centric Grouping |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
IP Based Groups |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
MAC Based Groups |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Tag Based Rules |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Firewall Operations |
NSX Professional |
NSX Advanced |
NSX Enterprise Plus |
NSX for Remote Office Branch Office |
NSX Distributed Firewall |
NSX Distributed Firewall with Threat Prevention |
NSX Distributed Firewall with Advanced Threat Prevention |
NSX Firewall for Baremetal Servers |
NSX Gateway Firewall |
NSX Gateway Firewall with Threat Prevention |
NSX Gateway Firewall with Advanced Threat Prevention |
---|---|---|---|---|---|---|---|---|---|---|---|
Firewall Logging |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Distributed Firewall based IPFIX |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
No |
No |
Rule Hit Count, Popularity Index, Flow Statistics |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Firewall Drafts |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Gateway Security |
NSX Professional |
NSX Advanced |
NSX Enterprise Plus |
NSX for Remote Office Branch Office |
NSX Distributed Firewall |
NSX Distributed Firewall with Threat Prevention |
NSX Distributed Firewall with Advanced Threat Prevention |
NSX Firewall for Baremetal Servers |
NSX Gateway Firewall |
NSX Gateway Firewall with Threat Prevention |
NSX Gateway Firewall with Advanced Threat Prevention |
---|---|---|---|---|---|---|---|---|---|---|---|
Stateful L3 Rules |
Yes |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Yes |
Yes |
Yes |
Stateless L3 Rules |
Yes |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Yes |
Yes |
Yes |
Basic L7 Application Identification Rules |
Yes |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Yes |
Yes |
Yes |
Advanced L7 Application Identification Rules |
No |
No |
No |
No |
No |
No |
No |
No |
Yes |
Yes |
Yes |
URL Filtering |
No |
No |
No |
No |
No |
No |
No |
No |
Yes |
Yes |
Yes |
Gateway Flood Protection |
Yes |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Yes |
Yes |
Yes |
Gateway User Identity Firewall |
NSX Professional |
NSX Advanced |
NSX Enterprise Plus |
NSX for Remote Office Branch Office |
NSX Distributed Firewall |
NSX Distributed Firewall with Threat Prevention |
NSX Distributed Firewall with Advanced Threat Prevention |
NSX Firewall for Baremetal Servers |
NSX Gateway Firewall |
NSX Gateway Firewall with Threat Prevention |
NSX Gateway Firewall with Advanced Threat Prevention |
---|---|---|---|---|---|---|---|---|---|---|---|
Gateway Identity Firewall using Active Directory Event Server |
No |
No |
No |
No |
No |
No |
No |
No |
Yes |
Yes |
Yes |
Gateway Identity Firewall using third-party log sources |
No |
No |
No |
No |
No |
No |
No |
No |
Yes |
Yes |
Yes |
Gateway Threat Prevention |
NSX Professional |
NSX Advanced |
NSX Enterprise Plus |
NSX for Remote Office Branch Office |
NSX Distributed Firewall |
NSX Distributed Firewall with Threat Prevention |
NSX Distributed Firewall with Advanced Threat Prevention |
NSX Firewall for Baremetal Servers |
NSX Gateway Firewall |
NSX Gateway Firewall with Threat Prevention |
NSX Gateway Firewall with Advanced Threat Prevention |
---|---|---|---|---|---|---|---|---|---|---|---|
Gateway TLS Inspection |
No |
No |
No |
No |
No |
No |
No |
No |
Yes |
Yes |
Yes |
Gateway Intrusion Detection Service (IDS) - Behavioral |
No |
No |
No |
No |
No |
No |
No |
No |
No |
Yes |
Yes |
Gateway Intrusion Prevention Service (IPS) |
No |
No |
No |
No |
No |
No |
No |
No |
No |
Yes |
Yes |
Gateway Advanced Threat Prevention |
NSX Professional |
NSX Advanced |
NSX Enterprise Plus |
NSX for Remote Office Branch Office |
NSX Distributed Firewall |
NSX Distributed Firewall with Threat Prevention |
NSX Distributed Firewall with Advanced Threat Prevention |
NSX Firewall for Baremetal Servers |
NSX Gateway Firewall |
NSX Gateway Firewall with Threat Prevention |
NSX Gateway Firewall with Advanced Threat Prevention |
---|---|---|---|---|---|---|---|---|---|---|---|
Malware Detection |
No |
No |
No |
No |
No |
No |
No |
No |
No |
No |
Yes |
Cloud Sandboxing and Artifact Analysis |
No |
No |
No |
No |
No |
No |
No |
No |
No |
No |
Yes |
Malware / File Event Forwarding to NDR |
No |
No |
No |
No |
No |
No |
No |
No |
No |
No |
Yes |
Gateway Service Insertion Integrations |
NSX Professional |
NSX Advanced |
NSX Enterprise Plus |
NSX for Remote Office Branch Office |
NSX Distributed Firewall |
NSX Distributed Firewall with Threat Prevention |
NSX Distributed Firewall with Advanced Threat Prevention |
NSX Firewall for Baremetal Servers |
NSX Gateway Firewall |
NSX Gateway Firewall with Threat Prevention |
NSX Gateway Firewall with Advanced Threat Prevention |
---|---|---|---|---|---|---|---|---|---|---|---|
Gateway Network Introspection |
Yes |
Yes |
Yes |
Yes |
No |
No |
No |
No |
No |
No |
No |
Gateway Firewall High Availability |
NSX Professional |
NSX Advanced |
NSX Enterprise Plus |
NSX for Remote Office Branch Office |
NSX Distributed Firewall |
NSX Distributed Firewall with Threat Prevention |
NSX Distributed Firewall with Advanced Threat Prevention |
NSX Firewall for Baremetal Servers |
NSX Gateway Firewall |
NSX Gateway Firewall with Threat Prevention |
NSX Gateway Firewall with Advanced Threat Prevention |
---|---|---|---|---|---|---|---|---|---|---|---|
Active/Standby Gateway Firewall Services |
Yes |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Yes |
Yes |
Yes |
Active/Active Gateway Firewall Services |
No |
No |
Yes |
No |
No |
No |
No |
No |
Yes |
Yes |
Yes |
NAT |
NSX Professional |
NSX Advanced |
NSX Enterprise Plus |
NSX for Remote Office Branch Office |
NSX Distributed Firewall |
NSX Distributed Firewall with Threat Prevention |
NSX Distributed Firewall with Advanced Threat Prevention |
NSX Firewall for Baremetal Servers |
NSX Gateway Firewall |
NSX Gateway Firewall with Threat Prevention |
NSX Gateway Firewall with Advanced Threat Prevention |
---|---|---|---|---|---|---|---|---|---|---|---|
NAT on North/South and East/West Logical Routers |
Yes |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Yes |
Yes |
Yes |
Source NAT |
Yes |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Yes |
Yes |
Yes |
Destination NAT |
Yes |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Yes |
Yes |
Yes |
NAT N:N |
Yes |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Yes |
Yes |
Yes |
Stateless NAT |
Yes |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Yes |
Yes |
Yes |
NAT Logging |
Yes |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Yes |
Yes |
Yes |
NAT64 |
No |
Yes |
Yes |
No |
No |
No |
No |
No |
Yes |
Yes |
Yes |
Active / Active NAT Services |
No |
No |
Yes |
No |
No |
No |
No |
No |
Yes |
Yes |
Yes |
VPN |
NSX Professional |
NSX Advanced |
NSX Enterprise Plus |
NSX for Remote Office Branch Office |
NSX Distributed Firewall |
NSX Distributed Firewall with Threat Prevention |
NSX Distributed Firewall with Advanced Threat Prevention |
NSX Firewall for Baremetal Servers |
NSX Gateway Firewall |
NSX Gateway Firewall with Threat Prevention |
NSX Gateway Firewall with Advanced Threat Prevention |
---|---|---|---|---|---|---|---|---|---|---|---|
L2 VPN |
Yes |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Yes |
Yes |
Yes |
IPv4 L3 VPN |
Yes |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Yes |
Yes |
Yes |
IPv6 L3 VPN |
No |
Yes |
Yes |
No |
No |
No |
No |
No |
Yes |
Yes |
Yes |
Switching |
NSX Professional |
NSX Advanced |
NSX Enterprise Plus |
NSX for Remote Office Branch Office |
NSX Distributed Firewall |
NSX Distributed Firewall with Threat Prevention |
NSX Distributed Firewall with Advanced Threat Prevention |
NSX Firewall for Baremetal Servers |
NSX Gateway Firewall |
NSX Gateway Firewall with Threat Prevention |
NSX Gateway Firewall with Advanced Threat Prevention |
---|---|---|---|---|---|---|---|---|---|---|---|
vSphere Distributed Switch |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
No |
No |
VLAN Backed Logical Switching |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Overlay Backed Logical Switching |
Yes |
Yes |
Yes |
No |
No |
No |
No |
No |
Yes |
Yes |
Yes |
Multiple TEP Support |
Yes |
Yes |
Yes |
No |
No |
No |
No |
No |
Yes |
Yes |
Yes |
Spoofguard |
Yes |
Yes |
Yes |
No |
Yes |
Yes |
Yes |
Yes |
No |
No |
No |
LACP (Edge and Host) |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
L2 Multicast |
Yes |
Yes |
Yes |
No |
No |
No |
No |
No |
Yes |
Yes |
Yes |
L3 Multicast |
No |
Yes |
Yes |
No |
No |
No |
No |
No |
Yes |
Yes |
Yes |
Enhanced Datapath - Standard |
No |
Yes |
Yes |
No |
No |
No |
No |
No |
No |
No |
No |
Enhanced Datapath - Performance |
No |
Yes |
Yes |
No |
No |
No |
No |
No |
No |
No |
No |
Enhanced Datapath - Standard for DPUs8 |
No |
Yes - Subscription Only |
Yes - Subscription Only |
No |
No |
No |
No |
No |
No |
No |
No |
Enhanced Datapath - Performance for DPUs |
No |
No |
Yes - Subscription Only |
No |
No |
No |
No |
No |
No |
No |
No |
Uniform Passthrough for DPUs |
No |
No |
Yes - Subscription Only |
No |
No |
No |
No |
No |
No |
No |
No |
Quality of Service (QoS) |
NSX Professional |
NSX Advanced |
NSX Enterprise Plus |
NSX for Remote Office Branch Office |
NSX Distributed Firewall |
NSX Distributed Firewall with Threat Prevention |
NSX Distributed Firewall with Advanced Threat Prevention |
NSX Firewall for Baremetal Servers |
NSX Gateway Firewall |
NSX Gateway Firewall with Threat Prevention |
NSX Gateway Firewall with Advanced Threat Prevention |
---|---|---|---|---|---|---|---|---|---|---|---|
QoS Marking |
Yes |
Yes |
Yes |
No |
No |
No |
No |
No |
No |
No |
No |
QoS DSCP Trust Boundary |
Yes |
Yes |
Yes |
No |
No |
No |
No |
No |
No |
No |
No |
QoS Rate-Limit Northbound Traffic on Tier-1 Gateway |
No |
Yes |
Yes |
No |
No |
No |
No |
No |
No |
No |
No |
L2 Bridging to Physical Environment |
NSX Professional |
NSX Advanced |
NSX Enterprise Plus |
NSX for Remote Office Branch Office |
NSX Distributed Firewall |
NSX Distributed Firewall with Threat Prevention |
NSX Distributed Firewall with Advanced Threat Prevention |
NSX Firewall for Baremetal Servers |
NSX Gateway Firewall |
NSX Gateway Firewall with Threat Prevention |
NSX Gateway Firewall with Advanced Threat Prevention |
---|---|---|---|---|---|---|---|---|---|---|---|
Software Based L2 Bridge to Physical Environments |
Yes |
Yes |
Yes |
No |
No |
No |
No |
No |
Yes |
Yes |
Yes |
Routing |
NSX Professional |
NSX Advanced |
NSX Enterprise Plus |
NSX for Remote Office Branch Office |
NSX Distributed Firewall |
NSX Distributed Firewall with Threat Prevention |
NSX Distributed Firewall with Advanced Threat Prevention |
NSX Firewall for Baremetal Servers |
NSX Gateway Firewall |
NSX Gateway Firewall with Threat Prevention |
NSX Gateway Firewall with Advanced Threat Prevention |
---|---|---|---|---|---|---|---|---|---|---|---|
Distributed Routing |
Yes |
Yes |
Yes |
No |
No |
No |
No |
No |
No |
No |
No |
Multi-Tier Routing |
Yes |
Yes |
Yes |
No |
No |
No |
No |
No |
Yes |
Yes |
Yes |
Active / Active Dynamic Routing with ECMP |
Yes |
Yes |
Yes |
No |
No |
No |
No |
No |
Yes |
Yes |
Yes |
Active / Standby Redundancy for Routing |
Yes |
Yes |
Yes |
No |
No |
No |
No |
No |
Yes |
Yes |
Yes |
Virtual Routing and Forwarding (Tier-0 Gateway VRFs) |
No |
Yes |
Yes |
No |
No |
No |
No |
No |
Yes |
Yes |
Yes |
EVPN |
No |
No |
Yes |
No |
No |
No |
No |
No |
Yes |
Yes |
Yes |
OSPF v2 |
Yes |
Yes |
Yes |
No |
No |
No |
No |
No |
Yes |
Yes |
Yes |
Static Routing - IPv4 |
NSX Professional |
NSX Advanced |
NSX Enterprise Plus |
NSX for Remote Office Branch Office |
NSX Distributed Firewall |
NSX Distributed Firewall with Threat Prevention |
NSX Distributed Firewall with Advanced Threat Prevention |
NSX Firewall for Baremetal Servers |
NSX Gateway Firewall |
NSX Gateway Firewall with Threat Prevention |
NSX Gateway Firewall with Advanced Threat Prevention |
---|---|---|---|---|---|---|---|---|---|---|---|
Static Routing |
Yes |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Yes |
Yes |
Yes |
BFD |
Yes |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Yes |
Yes |
Yes |
Null Routes |
Yes |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Yes |
Yes |
Yes |
Device Routes |
Yes |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Yes |
Yes |
Yes |
Static Routing - IPv6 |
NSX Professional |
NSX Advanced |
NSX Enterprise Plus |
NSX for Remote Office Branch Office |
NSX Distributed Firewall |
NSX Distributed Firewall with Threat Prevention |
NSX Distributed Firewall with Advanced Threat Prevention |
NSX Firewall for Baremetal Servers |
NSX Gateway Firewall |
NSX Gateway Firewall with Threat Prevention |
NSX Gateway Firewall with Advanced Threat Prevention |
---|---|---|---|---|---|---|---|---|---|---|---|
Static Routing |
Yes |
Yes |
Yes |
No |
No |
No |
No |
No |
Yes |
Yes |
Yes |
BFD |
Yes |
Yes |
Yes |
No |
No |
No |
No |
No |
Yes |
Yes |
Yes |
Null Routes |
Yes |
Yes |
Yes |
No |
No |
No |
No |
No |
Yes |
Yes |
Yes |
Device Routes |
Yes |
Yes |
Yes |
No |
No |
No |
No |
No |
Yes |
Yes |
Yes |
BGP - IPv4 Unicast |
NSX Professional |
NSX Advanced |
NSX Enterprise Plus |
NSX for Remote Office Branch Office |
NSX Distributed Firewall |
NSX Distributed Firewall with Threat Prevention |
NSX Distributed Firewall with Advanced Threat Prevention |
NSX Firewall for Baremetal Servers |
NSX Gateway Firewall |
NSX Gateway Firewall with Threat Prevention |
NSX Gateway Firewall with Advanced Threat Prevention |
---|---|---|---|---|---|---|---|---|---|---|---|
eBGP |
Yes |
Yes |
Yes |
No |
No |
No |
No |
No |
Yes |
Yes |
Yes |
eBGP Multihop |
Yes |
Yes |
Yes |
No |
No |
No |
No |
No |
Yes |
Yes |
Yes |
iBGP |
Yes |
Yes |
Yes |
No |
No |
No |
No |
No |
Yes |
Yes |
Yes |
Graceful Restart |
Yes |
Yes |
Yes |
No |
No |
No |
No |
No |
Yes |
Yes |
Yes |
4-byte ASN |
Yes |
Yes |
Yes |
No |
No |
No |
No |
No |
Yes |
Yes |
Yes |
BFD |
Yes |
Yes |
Yes |
No |
No |
No |
No |
No |
Yes |
Yes |
Yes |
BGP - IPv6 Unicast |
NSX Professional |
NSX Advanced |
NSX Enterprise Plus |
NSX for Remote Office Branch Office |
NSX Distributed Firewall |
NSX Distributed Firewall with Threat Prevention |
NSX Distributed Firewall with Advanced Threat Prevention |
NSX Firewall for Baremetal Servers |
NSX Gateway Firewall |
NSX Gateway Firewall with Threat Prevention |
NSX Gateway Firewall with Advanced Threat Prevention |
---|---|---|---|---|---|---|---|---|---|---|---|
eBGP |
No |
Yes |
Yes |
No |
No |
No |
No |
No |
Yes |
Yes |
Yes |
eBGP Multihop |
No |
Yes |
Yes |
No |
No |
No |
No |
No |
Yes |
Yes |
Yes |
iBGP |
No |
Yes |
Yes |
No |
No |
No |
No |
No |
Yes |
Yes |
Yes |
Graceful Restart |
No |
Yes |
Yes |
No |
No |
No |
No |
No |
Yes |
Yes |
Yes |
4-byte ASN |
No |
Yes |
Yes |
No |
No |
No |
No |
No |
Yes |
Yes |
Yes |
BFD |
No |
Yes |
Yes |
No |
No |
No |
No |
No |
Yes |
Yes |
Yes |
Route Maps |
NSX Professional |
NSX Advanced |
NSX Enterprise Plus |
NSX for Remote Office Branch Office |
NSX Distributed Firewall |
NSX Distributed Firewall with Threat Prevention |
NSX Distributed Firewall with Advanced Threat Prevention |
NSX Firewall for Baremetal Servers |
NSX Gateway Firewall |
NSX Gateway Firewall with Threat Prevention |
NSX Gateway Firewall with Advanced Threat Prevention |
---|---|---|---|---|---|---|---|---|---|---|---|
Match on Prefix-List and Community-List |
Yes |
Yes |
Yes |
No |
No |
No |
No |
No |
Yes |
Yes |
Yes |
Set Weight, MED, AS Path, Prepending, Local Preference, and Community |
Yes |
Yes |
Yes |
No |
No |
No |
No |
No |
Yes |
Yes |
Yes |
Other Routing |
NSX Professional |
NSX Advanced |
NSX Enterprise Plus |
NSX for Remote Office Branch Office |
NSX Distributed Firewall |
NSX Distributed Firewall with Threat Prevention |
NSX Distributed Firewall with Advanced Threat Prevention |
NSX Firewall for Baremetal Servers |
NSX Gateway Firewall |
NSX Gateway Firewall with Threat Prevention |
NSX Gateway Firewall with Advanced Threat Prevention |
---|---|---|---|---|---|---|---|---|---|---|---|
High Availability Virtual IP (HA VIP) |
Yes |
Yes |
Yes |
No |
No |
No |
No |
No |
Yes |
Yes |
Yes |
Route Redistribution |
Yes |
Yes |
Yes |
No |
No |
No |
No |
No |
Yes |
Yes |
Yes |
IP Prefix-Lists |
Yes |
Yes |
Yes |
No |
No |
No |
No |
No |
Yes |
Yes |
Yes |
Per Interface RPF Check |
Yes |
Yes |
Yes |
No |
No |
No |
No |
No |
Yes |
Yes |
Yes |
DNS, DHCP and IPAM (DDI) |
NSX Professional |
NSX Advanced |
NSX Enterprise Plus |
NSX for Remote Office Branch Office |
NSX Distributed Firewall |
NSX Distributed Firewall with Threat Prevention |
NSX Distributed Firewall with Advanced Threat Prevention |
NSX Firewall for Baremetal Servers |
NSX Gateway Firewall |
NSX Gateway Firewall with Threat Prevention |
NSX Gateway Firewall with Advanced Threat Prevention |
---|---|---|---|---|---|---|---|---|---|---|---|
IPAM |
Yes |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Yes |
Yes |
Yes |
IP Blocks |
Yes |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Yes |
Yes |
Yes |
IP Subnets |
Yes |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Yes |
Yes |
Yes |
IP Pools |
Yes |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Yes |
Yes |
Yes |
IPv4 DHCP Server |
Yes |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Yes |
Yes |
Yes |
IPv6 DHCP Server |
No |
Yes |
Yes |
No |
No |
No |
No |
No |
Yes |
Yes |
Yes |
IPv4 DHCP Relay |
Yes |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Yes |
Yes |
Yes |
IPv6 DHCP Relay |
No |
Yes |
Yes |
No |
No |
No |
No |
No |
Yes |
Yes |
Yes |
IPv4 DHCP Static Bindings / Fixed Addresses |
Yes |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Yes |
Yes |
Yes |
IPv6 DHCP Static Bindings / Fixed Addresses |
No |
Yes |
Yes |
No |
No |
No |
No |
No |
Yes |
Yes |
Yes |
IPv4 DNS Relay / DNS Proxy |
Yes |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Yes |
Yes |
Yes |
Load Balancing |
NSX Professional |
NSX Advanced |
NSX Enterprise Plus |
NSX for Remote Office Branch Office |
NSX Distributed Firewall |
NSX Distributed Firewall with Threat Prevention |
NSX Distributed Firewall with Advanced Threat Prevention |
NSX Firewall for Baremetal Servers |
NSX Gateway Firewall |
NSX Gateway Firewall with Threat Prevention |
NSX Gateway Firewall with Advanced Threat Prevention |
---|---|---|---|---|---|---|---|---|---|---|---|
Protocols |
|||||||||||
TCP (L4-L7) |
No |
Yes |
Yes |
Yes |
No |
No |
No |
No |
No |
No |
No |
UDP |
No |
Yes |
Yes |
Yes |
No |
No |
No |
No |
No |
No |
No |
HTTP |
No |
Yes |
Yes |
Yes |
No |
No |
No |
No |
No |
No |
No |
Load Balancing Methods |
|||||||||||
Round Robin |
No |
Yes |
Yes |
Yes |
No |
No |
No |
No |
No |
No |
No |
Source IP Hash |
No |
Yes |
Yes |
Yes |
No |
No |
No |
No |
No |
No |
No |
Least Connections |
No |
Yes |
Yes |
Yes |
No |
No |
No |
No |
No |
No |
No |
L7 Application Rules with RegEx Support |
No |
Yes |
Yes |
Yes |
No |
No |
No |
No |
No |
No |
No |
Heath Checks |
|||||||||||
TCP |
No |
Yes |
Yes |
Yes |
No |
No |
No |
No |
No |
No |
No |
ICMP |
No |
Yes |
Yes |
Yes |
No |
No |
No |
No |
No |
No |
No |
UDP |
No |
Yes |
Yes |
Yes |
No |
No |
No |
No |
No |
No |
No |
HTTP |
No |
Yes |
Yes |
Yes |
No |
No |
No |
No |
No |
No |
No |
HTTPS |
No |
Yes |
Yes |
Yes |
No |
No |
No |
No |
No |
No |
No |
Monitoring |
|||||||||||
View VIP / Pool / Server Objects |
No |
Yes |
Yes |
Yes |
No |
No |
No |
No |
No |
No |
No |
View VIP / Pool / Server Statistics |
No |
Yes |
Yes |
Yes |
No |
No |
No |
No |
No |
No |
No |
View Global Statistics VIP Sessions |
No |
Yes |
Yes |
Yes |
No |
No |
No |
No |
No |
No |
No |
Load Balancing Automation |
|||||||||||
Pool Members Based on vCenter Context or IP Addresses |
No |
Yes |
Yes |
Yes |
No |
No |
No |
No |
No |
No |
No |
Other |
|||||||||||
Connection Throttling |
No |
Yes |
Yes |
Yes |
No |
No |
No |
No |
No |
No |
No |
High-Availability |
No |
Yes |
Yes |
Yes |
No |
No |
No |
No |
No |
No |
No |
Modern Apps |
NSX Professional |
NSX Advanced |
NSX Enterprise Plus |
NSX for Remote Office Branch Office |
NSX Distributed Firewall |
NSX Distributed Firewall with Threat Prevention |
NSX Distributed Firewall with Advanced Threat Prevention |
NSX Firewall for Baremetal Servers |
NSX Gateway Firewall |
NSX Gateway Firewall with Threat Prevention |
NSX Gateway Firewall with Advanced Threat Prevention |
---|---|---|---|---|---|---|---|---|---|---|---|
Container Networking and Security |
No |
Yes |
Yes |
No |
No |
No |
No |
No |
No |
No |
No |
VMware Container Networking with Project Antrea Enterprise |
No |
Yes |
Yes |
No |
No |
No |
No |
No |
No |
No |
No |
Distributed Load Balancing |
No |
Yes |
Yes |
No |
No |
No |
No |
No |
No |
No |
No |
Automation |
NSX Professional |
NSX Advanced |
NSX Enterprise Plus |
NSX for Remote Office Branch Office |
NSX Distributed Firewall |
NSX Distributed Firewall with Threat Prevention |
NSX Distributed Firewall with Advanced Threat Prevention |
NSX Firewall for Baremetal Servers |
NSX Gateway Firewall |
NSX Gateway Firewall with Threat Prevention |
NSX Gateway Firewall with Advanced Threat Prevention |
---|---|---|---|---|---|---|---|---|---|---|---|
REST API |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Hierarchical Policy API |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
JSON Support |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
OpenAPI / Swagger Spec |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Java SDK |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Python SDK |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Terraform Provider5 |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Ansible Modules5 |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Integration with Aria Automation1,5 |
Yes |
Yes |
Yes |
No |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Integration with vCloud Director1,5 |
Yes |
Yes |
Yes |
No |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Integration with VMware Integrated OpenStack1,5 |
Yes |
Yes |
Yes |
No |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Multi-Tenancy |
NSX Professional |
NSX Advanced |
NSX Enterprise Plus |
NSX for Remote Office Branch Office |
NSX Distributed Firewall |
NSX Distributed Firewall with Threat Prevention |
NSX Distributed Firewall with Advanced Threat Prevention |
NSX Firewall for Baremetal Servers |
NSX Gateway Firewall |
NSX Gateway Firewall with Threat Prevention |
NSX Gateway Firewall with Advanced Threat Prevention |
---|---|---|---|---|---|---|---|---|---|---|---|
Projects (User Defined) |
1 |
1 |
Configuration Maximum |
No |
No |
No |
No |
No |
No |
No |
No |
NSX VPCs |
8 |
8 |
Configuration Maximum |
No |
No |
No |
No |
No |
No |
No |
No |
Platform |
NSX Professional |
NSX Advanced |
NSX Enterprise Plus |
NSX for Remote Office Branch Office |
NSX Distributed Firewall |
NSX Distributed Firewall with Threat Prevention |
NSX Distributed Firewall with Advanced Threat Prevention |
NSX Firewall for Baremetal Servers |
NSX Gateway Firewall |
NSX Gateway Firewall with Threat Prevention |
NSX Gateway Firewall with Advanced Threat Prevention |
---|---|---|---|---|---|---|---|---|---|---|---|
ESXi Support |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Manager / Controller Clustering |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
vCenter Integration |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Multi-vCenter® Networking and Security |
No |
Yes |
Yes |
No |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Federation |
No |
No |
Yes |
No |
No |
No |
No |
No |
No |
No |
No |
Edge in VM Form Factor |
Yes |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Yes |
Yes |
Yes |
Edge in Bare-Metal Form Factor for Routing |
Yes |
Yes |
Yes |
No |
No |
No |
No |
No |
Yes |
Yes |
Yes |
Edge in Bare-Metal Form Factor for Gateway Firewall |
No |
No |
No |
No |
No |
No |
No |
No |
Yes |
Yes |
Yes |
DPDK Optimized Forwarding |
Yes |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Yes |
Yes |
Yes |
Dual Stack (IPv4/IPv6) External Management |
Yes |
Yes |
Yes |
No |
No |
No |
No |
No |
No |
No |
No |
Authentication and Authorization |
NSX Professional |
NSX Advanced |
NSX Enterprise Plus |
NSX for Remote Office Branch Office |
NSX Distributed Firewall |
NSX Distributed Firewall with Threat Prevention |
NSX Distributed Firewall with Advanced Threat Prevention |
NSX Firewall for Baremetal Servers |
NSX Gateway Firewall |
NSX Gateway Firewall with Threat Prevention |
NSX Gateway Firewall with Advanced Threat Prevention |
---|---|---|---|---|---|---|---|---|---|---|---|
Authentication using Workspace ONE Access1,4 |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Direct Active Directory Integration via LDAP |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Authentication via OpenLDAP |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Session Based Authentication |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Certificate Based Authentication (Principal Identity) |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Role Based Access Control |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Log Management |
NSX Professional |
NSX Advanced |
NSX Enterprise Plus |
NSX for Remote Office Branch Office |
NSX Distributed Firewall |
NSX Distributed Firewall with Threat Prevention |
NSX Distributed Firewall with Advanced Threat Prevention |
NSX Firewall for Baremetal Servers |
NSX Gateway Firewall |
NSX Gateway Firewall with Threat Prevention |
NSX Gateway Firewall with Advanced Threat Prevention |
---|---|---|---|---|---|---|---|---|---|---|---|
Aria Operations for Logs Integration (Plugin)2 |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Splunk Integration (Plugin)3 |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Installation |
NSX Professional |
NSX Advanced |
NSX Enterprise Plus |
NSX for Remote Office Branch Office |
NSX Distributed Firewall |
NSX Distributed Firewall with Threat Prevention |
NSX Distributed Firewall with Advanced Threat Prevention |
NSX Firewall for Baremetal Servers |
NSX Gateway Firewall |
NSX Gateway Firewall with Threat Prevention |
NSX Gateway Firewall with Advanced Threat Prevention |
---|---|---|---|---|---|---|---|---|---|---|---|
Automated Manager Deployment |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Manual Manager Deployment |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Automated Edge Deployment |
Yes |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Yes |
Yes |
Yes |
Manual Edge Deployment |
Yes |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Yes |
Yes |
Yes |
Automated Host Preparation by Cluster |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Operations |
NSX Professional |
NSX Advanced |
NSX Enterprise Plus |
NSX for Remote Office Branch Office |
NSX Distributed Firewall |
NSX Distributed Firewall with Threat Prevention |
NSX Distributed Firewall with Advanced Threat Prevention |
NSX Firewall for Baremetal Servers |
NSX Gateway Firewall |
NSX Gateway Firewall with Threat Prevention |
NSX Gateway Firewall with Advanced Threat Prevention |
---|---|---|---|---|---|---|---|---|---|---|---|
Port Mirroring |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Traceflow |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
NSX Live Traffic Analysis |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
Yes |
Yes |
Yes |
Tunnel Health Monitoring |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Yes |
Yes |
Yes |
Yes |
Port Connectivity Tool |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Yes |
Yes |
Yes |
Yes |
Switch Based IPFIX |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
Yes |
Yes |
Yes |
LLDP |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Linux Only |
Yes |
Yes |
Yes |
Automated Technical Support Bundles |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Packet Capture |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Backup and Restore |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
SNMP v1/v2/v3 with Traps |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Time-Series Metrics |
No |
No |
Yes |
No |
No |
No |
No |
Yes |
Yes |
Yes |
Yes |
Upgrade and Migration |
NSX Professional |
NSX Advanced |
NSX Enterprise Plus |
NSX for Remote Office Branch Office |
NSX Distributed Firewall |
NSX Distributed Firewall with Threat Prevention |
NSX Distributed Firewall with Advanced Threat Prevention |
NSX Firewall for Baremetal Servers |
NSX Gateway Firewall |
NSX Gateway Firewall with Threat Prevention |
NSX Gateway Firewall with Advanced Threat Prevention |
---|---|---|---|---|---|---|---|---|---|---|---|
Upgrade Coordinator |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
NSX for vSphere to NSX-T Migration Coordinator |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
NSX Manager to Policy Promotion |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Included Product Entitlement |
NSX Professional |
NSX Advanced |
NSX Enterprise Plus |
NSX for Remote Office Branch Office |
NSX Distributed Firewall |
NSX Distributed Firewall with Threat Prevention |
NSX Distributed Firewall with Advanced Threat Prevention |
NSX Firewall for Baremetal Servers |
NSX Gateway Firewall |
NSX Gateway Firewall with Threat Prevention |
NSX Gateway Firewall with Advanced Threat Prevention |
---|---|---|---|---|---|---|---|---|---|---|---|
Aria Operations for Logs for NSX (SaaS) |
No |
No |
No |
No |
No |
No |
No |
No |
No |
No |
No |
Aria Operations for Logs for NSX (on-premises) |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Aria Operations for Networks Advanced |
No |
No |
Yes |
No |
No |
No |
No |
No |
No |
No |
No |
Aria Operations for Networks Enterprise |
No |
No |
No |
No |
No |
No |
No |
No |
No |
No |
No |
HCX Advanced |
No |
No |
Yes |
No |
No |
No |
No |
No |
No |
No |
No |
HCX Enterprise |
No |
No |
No |
No |
No |
No |
No |
No |
No |
No |
No |
HCX+ |
No |
No |
No |
No |
No |
No |
No |
No |
No |
No |
No |
Workspace One Access |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
NSX Advanced Load Balancer Enterprise |
No |
One (1) Service Unit per 250 NSX CPU Cores. Subscription per core only. |
One (1) Service Unit per 250 NSX CPU Cores. Subscription per core only. |
No |
No |
No |
No |
No |
No |
No |
No |
NSX+ Advanced Load Balancer Cloud Services |
No |
No |
No |
No |
No |
No |
No |
No |
No |
No |
No |
NSX Intelligence |
NSX Professional |
NSX Advanced |
NSX Enterprise Plus |
NSX for Remote Office Branch Office |
NSX Distributed Firewall |
NSX Distributed Firewall with Threat Prevention |
NSX Distributed Firewall with Advanced Threat Prevention |
NSX Firewall for Baremetal Servers |
NSX Gateway Firewall |
NSX Gateway Firewall with Threat Prevention |
NSX Gateway Firewall with Advanced Threat Prevention |
---|---|---|---|---|---|---|---|---|---|---|---|
VM-to-VM Traffic Flow Analysis |
No |
No |
Yes |
No |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Firewall Visibility |
No |
No |
Yes |
No |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Automated Security Policy |
No |
No |
Yes |
No |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Rule and Group Recommendation Analytics |
No |
No |
Yes |
No |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Network Traffic Analytics |
No |
No |
No |
No |
No |
No |
Yes |
No |
No |
No |
No |
Footnotes
Please refer to the VMware Product Interoperability Matrices for specific versions supported with VMware NSX.
VMware Aria Operations for Logs for NSX provides intelligent log analytics for NSX. VMware Aria Operations for Logs version 3.3.2 and accepts NSX edition license keys issued for NSX 1.0.0 and later. This means you will have an enterprise-level VMware Aria Operations for Logs for NSX license for every license of NSX.
Please refer to the NSX partner website for specific versions.
VMware Workspace ONE Access - A license to use VMware NSX includes an entitlement to use the VMware Workspace ONE Access feature, but only for the following functionalities:
Directory integration functionality of VMware Workspace ONE Access to authenticate users in a user directory such as Microsoft Active Directory or LDAP.
Conditional access policy.
Single-sign-on integration functionality with third party Identity providers to allow third party identity providers’ users to single-sign-on into NSX.
Two-factor authentication solution through integration with third party systems. VMware Verify, VMware’s multi-factor authentication solution, received as part of VMware Workspace ONE Access may not be used as part of NSX.
Single-sign-on functionality to access VMware products that support single-sign-on capabilities.
Integration with automation tools such as VMware Aria Automation, vCloud Director, VMware Integrated OpenStack, Ansible, and Terraform is available for all editions of NSX, however, you must have the appropriate NSX edition for the feature which is automated by these tools. For example automation of load balancing from Terraform or OpenStack requires NSX Advanced, Enterprise Plus, or ROBO.
Both IPv4 and IPv6 are supported for all load balancing features except for IPv6-VIP-to-IPv4-member and IPv4-VIP-to-IPv6-member translations. VMware recommends that customers using NSX load balancing features migrate to NSX Advanced Load Balancer Enterprise (Avi).
Requires VDS 7.0 or higher
Customers who have purchased vSphere Enterprise Plus are also entitled to use the Enhanced Datapath – Standard for DPUs feature. This feature requires the installation of the NSX Manager.