NSX Features

The following tables outline specific functions available by edition. VMware NSX is available as a single download image with license keys required to enable specific functionality.

Table 1. Distributed Security
Distributed Security	NSX Professional	NSX Advanced	NSX Enterprise Plus	NSX for Remote Office Branch Office	NSX Distributed Firewall	NSX Distributed Firewall with Threat Prevention	NSX Distributed Firewall with Advanced Threat Prevention	NSX Firewall for Baremetal Servers	NSX Gateway Firewall	NSX Gateway Firewall with Threat Prevention	NSX Gateway Firewall with Advanced Threat Prevention
Distributed Firewall for NSX Switch Ports	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No	No	No
Distributed Firewall for VDS Switch Ports	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No	No	No	No
Stateful L2 and L3 Rules	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No	No	No
Stateless L2 and L3 Rules	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No	No	No
Distributed FQDN Filtering	No	Yes	Yes	No	Yes	Yes	Yes	No	No	No	No
Basic L7 Application Identification Rules	No	Yes	Yes	Yes	Yes	Yes	Yes	No	No	No	No
Advanced L7 Application Identification Rules	No	No	No	No	Yes	Yes	Yes	No	No	No	No
Malicious IP Filtering	Yes - Subscription Only	Yes - Subscription Only	Yes - Subscription Only	No	Yes	Yes	Yes	No	No	No	No
Distributed Flood Protection	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No	No	No	No
Agent-Based Enforcement for Physical Servers	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No	No	No
Stateful L2 and L3 Rules with DPU Support	No	No	Yes - Subscription Only	No	No	No	Yes	No	No	No	No
Stateless L2 and L3 Rules with DPU Support	No	No	Yes- Subscription Only	No	No	No	Yes	No	No	No	No

Table 2. Distributed User Identity Firewall
Distributed User Identity Firewall	NSX Professional	NSX Advanced	NSX Enterprise Plus	NSX for Remote Office Branch Office	NSX Distributed Firewall	NSX Distributed Firewall with Threat Prevention	NSX Distributed Firewall with Advanced Threat Prevention	NSX Firewall for Baremetal Servers	NSX Gateway Firewall	NSX Gateway Firewall with Threat Prevention	NSX Gateway Firewall with Advanced Threat Prevention
Distributed Identity Firewall using Guest Introspection	No	Yes	Yes	No	Yes	Yes	Yes	No	No	No	No
Distributed Identity Firewall using Active Directory Event Server	No	Yes	Yes	No	Yes	Yes	Yes	No	No	No	No
Distributed Identity Firewall using third-party log sources	No	No	No	No	Yes	Yes	Yes	No	Yes	Yes	Yes

Table 3. Distributed Threat Prevention
Distributed Threat Prevention	NSX Professional	NSX Advanced	NSX Enterprise Plus	NSX for Remote Office Branch Office	NSX Distributed Firewall	NSX Distributed Firewall with Threat Prevention	NSX Distributed Firewall with Advanced Threat Prevention	NSX Firewall for Baremetal Servers	NSX Gateway Firewall	NSX Gateway Firewall with Threat Prevention	NSX Gateway Firewall with Advanced Threat Prevention
Distributed Intrusion Detection Service (IDS)	No	No	No	No	No	Yes	Yes	No	No	No	No
Distributed Behavioral IDS	No	No	No	No	No	Yes	Yes	No	No	No	No
Distributed Intrusion Prevention Service (IPS)	No	No	No	No	No	Yes	Yes	No	No	No	No

Table 4. Distributed Advanced Threat Prevention
Distributed Advanced Threat Prevention	NSX Professional	NSX Advanced	NSX Enterprise Plus	NSX for Remote Office Branch Office	NSX Distributed Firewall	NSX Distributed Firewall with Threat Prevention	NSX Distributed Firewall with Advanced Threat Prevention	NSX Firewall for Baremetal Servers	NSX Gateway Firewall	NSX Gateway Firewall with Threat Prevention	NSX Gateway Firewall with Advanced Threat Prevention
Distributed Malware Detection and Prevention	No	No	No	No	No	No	Yes	No	No	No	No
Cloud Sandboxing and Artifact Analysis	No	No	No	No	No	No	Yes	No	No	No	No
Distributed IDS Event Forwarding to NDR	No	No	No	No	No	Yes	Yes	No	No	No	No
Network Detection and Response (NDR)	No	No	No	No	No	No	Yes	No	No	No	No

Table 5. Service Insertion Integrations
Distributed Service Insertion Integrations	NSX Professional	NSX Advanced	NSX Enterprise Plus	NSX for Remote Office Branch Office	NSX Distributed Firewall	NSX Distributed Firewall with Threat Prevention	NSX Distributed Firewall with Advanced Threat Prevention	NSX Firewall for Baremetal Servers	NSX Gateway Firewall	NSX Gateway Firewall with Threat Prevention	NSX Gateway Firewall with Advanced Threat Prevention
Distributed Endpoint Protection	Yes	Yes	Yes	No	No	No	No	No	No	No	No
Distributed Network Introspection	No	Yes	Yes	No	No	No	No	No	No	No	No

Table 6. Policy, Tagging and Grouping
Policy, Tagging and Grouping	NSX Professional	NSX Advanced	NSX Enterprise Plus	NSX for Remote Office Branch Office	NSX Distributed Firewall	NSX Distributed Firewall with Threat Prevention	NSX Distributed Firewall with Advanced Threat Prevention	NSX Firewall for Baremetal Servers	NSX Gateway Firewall	NSX Gateway Firewall with Threat Prevention	NSX Gateway Firewall with Advanced Threat Prevention
Object Tagging / Security Tags	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
Network Centric Grouping	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
Workload Centric Grouping	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
IP Based Groups	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
MAC Based Groups	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
Tag Based Rules	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes

Table 7. Firewall Operations
Firewall Operations	NSX Professional	NSX Advanced	NSX Enterprise Plus	NSX for Remote Office Branch Office	NSX Distributed Firewall	NSX Distributed Firewall with Threat Prevention	NSX Distributed Firewall with Advanced Threat Prevention	NSX Firewall for Baremetal Servers	NSX Gateway Firewall	NSX Gateway Firewall with Threat Prevention	NSX Gateway Firewall with Advanced Threat Prevention
Firewall Logging	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
Distributed Firewall based IPFIX	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No	No	No
Rule Hit Count, Popularity Index, Flow Statistics	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
Firewall Drafts	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes

Table 8. Gateway Security
Gateway Security	NSX Professional	NSX Advanced	NSX Enterprise Plus	NSX for Remote Office Branch Office	NSX Distributed Firewall	NSX Distributed Firewall with Threat Prevention	NSX Distributed Firewall with Advanced Threat Prevention	NSX Firewall for Baremetal Servers	NSX Gateway Firewall	NSX Gateway Firewall with Threat Prevention	NSX Gateway Firewall with Advanced Threat Prevention
Stateful L3 Rules	Yes	Yes	Yes	Yes	No	No	No	No	Yes	Yes	Yes
Stateless L3 Rules	Yes	Yes	Yes	Yes	No	No	No	No	Yes	Yes	Yes
Basic L7 Application Identification Rules	Yes	Yes	Yes	Yes	No	No	No	No	Yes	Yes	Yes
Advanced L7 Application Identification Rules	No	No	No	No	No	No	No	No	Yes	Yes	Yes
URL Filtering	No	No	No	No	No	No	No	No	Yes	Yes	Yes
Gateway Flood Protection	Yes	Yes	Yes	Yes	No	No	No	No	Yes	Yes	Yes

Table 9. Gateway User Identity Firewall
Gateway User Identity Firewall	NSX Professional	NSX Advanced	NSX Enterprise Plus	NSX for Remote Office Branch Office	NSX Distributed Firewall	NSX Distributed Firewall with Threat Prevention	NSX Distributed Firewall with Advanced Threat Prevention	NSX Firewall for Baremetal Servers	NSX Gateway Firewall	NSX Gateway Firewall with Threat Prevention	NSX Gateway Firewall with Advanced Threat Prevention
Gateway Identity Firewall using Active Directory Event Server	No	No	No	No	No	No	No	No	Yes	Yes	Yes
Gateway Identity Firewall using third-party log sources	No	No	No	No	No	No	No	No	Yes	Yes	Yes

Table 10. Gateway Threat Prevention
Gateway Threat Prevention	NSX Professional	NSX Advanced	NSX Enterprise Plus	NSX for Remote Office Branch Office	NSX Distributed Firewall	NSX Distributed Firewall with Threat Prevention	NSX Distributed Firewall with Advanced Threat Prevention	NSX Firewall for Baremetal Servers	NSX Gateway Firewall	NSX Gateway Firewall with Threat Prevention	NSX Gateway Firewall with Advanced Threat Prevention
Gateway TLS Inspection	No	No	No	No	No	No	No	No	Yes	Yes	Yes
Gateway Intrusion Detection Service (IDS) - Behavioral	No	No	No	No	No	No	No	No	No	Yes	Yes
Gateway Intrusion Prevention Service (IPS)	No	No	No	No	No	No	No	No	No	Yes	Yes

Table 11. Gateway Advanced Threat Prevention
Gateway Advanced Threat Prevention	NSX Professional	NSX Advanced	NSX Enterprise Plus	NSX for Remote Office Branch Office	NSX Distributed Firewall	NSX Distributed Firewall with Threat Prevention	NSX Distributed Firewall with Advanced Threat Prevention	NSX Firewall for Baremetal Servers	NSX Gateway Firewall	NSX Gateway Firewall with Threat Prevention	NSX Gateway Firewall with Advanced Threat Prevention
Malware Detection	No	No	No	No	No	No	No	No	No	No	Yes
Cloud Sandboxing and Artifact Analysis	No	No	No	No	No	No	No	No	No	No	Yes
Malware / File Event Forwarding to NDR	No	No	No	No	No	No	No	No	No	No	Yes

Table 12. Gateway Service Insertion Integrations
Gateway Service Insertion Integrations	NSX Professional	NSX Advanced	NSX Enterprise Plus	NSX for Remote Office Branch Office	NSX Distributed Firewall	NSX Distributed Firewall with Threat Prevention	NSX Distributed Firewall with Advanced Threat Prevention	NSX Firewall for Baremetal Servers	NSX Gateway Firewall	NSX Gateway Firewall with Threat Prevention	NSX Gateway Firewall with Advanced Threat Prevention
Gateway Network Introspection	Yes	Yes	Yes	Yes	No	No	No	No	No	No	No

Table 13. Gateway Firewall High Availability
Gateway Firewall High Availability	NSX Professional	NSX Advanced	NSX Enterprise Plus	NSX for Remote Office Branch Office	NSX Distributed Firewall	NSX Distributed Firewall with Threat Prevention	NSX Distributed Firewall with Advanced Threat Prevention	NSX Firewall for Baremetal Servers	NSX Gateway Firewall	NSX Gateway Firewall with Threat Prevention	NSX Gateway Firewall with Advanced Threat Prevention
Active/Standby Gateway Firewall Services	Yes	Yes	Yes	Yes	No	No	No	No	Yes	Yes	Yes
Active/Active Gateway Firewall Services	No	No	Yes	No	No	No	No	No	Yes	Yes	Yes

Table 14. NAT
NAT	NSX Professional	NSX Advanced	NSX Enterprise Plus	NSX for Remote Office Branch Office	NSX Distributed Firewall	NSX Distributed Firewall with Threat Prevention	NSX Distributed Firewall with Advanced Threat Prevention	NSX Firewall for Baremetal Servers	NSX Gateway Firewall	NSX Gateway Firewall with Threat Prevention	NSX Gateway Firewall with Advanced Threat Prevention
NAT on North/South and East/West Logical Routers	Yes	Yes	Yes	Yes	No	No	No	No	Yes	Yes	Yes
Source NAT	Yes	Yes	Yes	Yes	No	No	No	No	Yes	Yes	Yes
Destination NAT	Yes	Yes	Yes	Yes	No	No	No	No	Yes	Yes	Yes
NAT N:N	Yes	Yes	Yes	Yes	No	No	No	No	Yes	Yes	Yes
Stateless NAT	Yes	Yes	Yes	Yes	No	No	No	No	Yes	Yes	Yes
NAT Logging	Yes	Yes	Yes	Yes	No	No	No	No	Yes	Yes	Yes
NAT64	No	Yes	Yes	No	No	No	No	No	Yes	Yes	Yes
Active / Active NAT Services	No	No	Yes	No	No	No	No	No	Yes	Yes	Yes

Table 15. VPN
VPN	NSX Professional	NSX Advanced	NSX Enterprise Plus	NSX for Remote Office Branch Office	NSX Distributed Firewall	NSX Distributed Firewall with Threat Prevention	NSX Distributed Firewall with Advanced Threat Prevention	NSX Firewall for Baremetal Servers	NSX Gateway Firewall	NSX Gateway Firewall with Threat Prevention	NSX Gateway Firewall with Advanced Threat Prevention
L2 VPN	Yes	Yes	Yes	Yes	No	No	No	No	Yes	Yes	Yes
IPv4 L3 VPN	Yes	Yes	Yes	Yes	No	No	No	No	Yes	Yes	Yes
IPv6 L3 VPN	No	Yes	Yes	No	No	No	No	No	Yes	Yes	Yes

Table 16. Switching
Switching	NSX Professional	NSX Advanced	NSX Enterprise Plus	NSX for Remote Office Branch Office	NSX Distributed Firewall	NSX Distributed Firewall with Threat Prevention	NSX Distributed Firewall with Advanced Threat Prevention	NSX Firewall for Baremetal Servers	NSX Gateway Firewall	NSX Gateway Firewall with Threat Prevention	NSX Gateway Firewall with Advanced Threat Prevention
vSphere Distributed Switch	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No	No	No
VLAN Backed Logical Switching	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
Overlay Backed Logical Switching	Yes	Yes	Yes	No	No	No	No	No	Yes	Yes	Yes
Multiple TEP Support	Yes	Yes	Yes	No	No	No	No	No	Yes	Yes	Yes
Spoofguard	Yes	Yes	Yes	No	Yes	Yes	Yes	Yes	No	No	No
LACP (Edge and Host)	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
L2 Multicast	Yes	Yes	Yes	No	No	No	No	No	Yes	Yes	Yes
L3 Multicast	No	Yes	Yes	No	No	No	No	No	Yes	Yes	Yes
Enhanced Datapath - Standard	No	Yes	Yes	No	No	No	No	No	No	No	No
Enhanced Datapath - Performance	No	Yes	Yes	No	No	No	No	No	No	No	No
Enhanced Datapath - Standard for DPUs8	No	Yes - Subscription Only	Yes - Subscription Only	No	No	No	No	No	No	No	No
Enhanced Datapath - Performance for DPUs	No	No	Yes - Subscription Only	No	No	No	No	No	No	No	No
Uniform Passthrough for DPUs	No	No	Yes - Subscription Only	No	No	No	No	No	No	No	No

Table 17. Quality of Service (QoS)
Quality of Service (QoS)	NSX Professional	NSX Advanced	NSX Enterprise Plus	NSX for Remote Office Branch Office	NSX Distributed Firewall	NSX Distributed Firewall with Threat Prevention	NSX Distributed Firewall with Advanced Threat Prevention	NSX Firewall for Baremetal Servers	NSX Gateway Firewall	NSX Gateway Firewall with Threat Prevention	NSX Gateway Firewall with Advanced Threat Prevention
QoS Marking	Yes	Yes	Yes	No	No	No	No	No	No	No	No
QoS DSCP Trust Boundary	Yes	Yes	Yes	No	No	No	No	No	No	No	No
QoS Rate-Limit Northbound Traffic on Tier-1 Gateway	No	Yes	Yes	No	No	No	No	No	No	No	No

Table 18. L2 Bridging to Physical Environment
L2 Bridging to Physical Environment	NSX Professional	NSX Advanced	NSX Enterprise Plus	NSX for Remote Office Branch Office	NSX Distributed Firewall	NSX Distributed Firewall with Threat Prevention	NSX Distributed Firewall with Advanced Threat Prevention	NSX Firewall for Baremetal Servers	NSX Gateway Firewall	NSX Gateway Firewall with Threat Prevention	NSX Gateway Firewall with Advanced Threat Prevention
Software Based L2 Bridge to Physical Environments	Yes	Yes	Yes	No	No	No	No	No	Yes	Yes	Yes

Table 19. Routing
Routing	NSX Professional	NSX Advanced	NSX Enterprise Plus	NSX for Remote Office Branch Office	NSX Distributed Firewall	NSX Distributed Firewall with Threat Prevention	NSX Distributed Firewall with Advanced Threat Prevention	NSX Firewall for Baremetal Servers	NSX Gateway Firewall	NSX Gateway Firewall with Threat Prevention	NSX Gateway Firewall with Advanced Threat Prevention
Distributed Routing	Yes	Yes	Yes	No	No	No	No	No	No	No	No
Multi-Tier Routing	Yes	Yes	Yes	No	No	No	No	No	Yes	Yes	Yes
Active / Active Dynamic Routing with ECMP	Yes	Yes	Yes	No	No	No	No	No	Yes	Yes	Yes
Active / Standby Redundancy for Routing	Yes	Yes	Yes	No	No	No	No	No	Yes	Yes	Yes
Virtual Routing and Forwarding (Tier-0 Gateway VRFs)	No	Yes	Yes	No	No	No	No	No	Yes	Yes	Yes
EVPN	No	No	Yes	No	No	No	No	No	Yes	Yes	Yes
OSPF v2	Yes	Yes	Yes	No	No	No	No	No	Yes	Yes	Yes

Table 20. Static Routing - IPv4
Static Routing - IPv4	NSX Professional	NSX Advanced	NSX Enterprise Plus	NSX for Remote Office Branch Office	NSX Distributed Firewall	NSX Distributed Firewall with Threat Prevention	NSX Distributed Firewall with Advanced Threat Prevention	NSX Firewall for Baremetal Servers	NSX Gateway Firewall	NSX Gateway Firewall with Threat Prevention	NSX Gateway Firewall with Advanced Threat Prevention
Static Routing	Yes	Yes	Yes	Yes	No	No	No	No	Yes	Yes	Yes
BFD	Yes	Yes	Yes	Yes	No	No	No	No	Yes	Yes	Yes
Null Routes	Yes	Yes	Yes	Yes	No	No	No	No	Yes	Yes	Yes
Device Routes	Yes	Yes	Yes	Yes	No	No	No	No	Yes	Yes	Yes

Table 21. Static Routing - IPv6
Static Routing - IPv6	NSX Professional	NSX Advanced	NSX Enterprise Plus	NSX for Remote Office Branch Office	NSX Distributed Firewall	NSX Distributed Firewall with Threat Prevention	NSX Distributed Firewall with Advanced Threat Prevention	NSX Firewall for Baremetal Servers	NSX Gateway Firewall	NSX Gateway Firewall with Threat Prevention	NSX Gateway Firewall with Advanced Threat Prevention
Static Routing	Yes	Yes	Yes	No	No	No	No	No	Yes	Yes	Yes
BFD	Yes	Yes	Yes	No	No	No	No	No	Yes	Yes	Yes
Null Routes	Yes	Yes	Yes	No	No	No	No	No	Yes	Yes	Yes
Device Routes	Yes	Yes	Yes	No	No	No	No	No	Yes	Yes	Yes

Table 22. BGP - IPv4 Unicast
BGP - IPv4 Unicast	NSX Professional	NSX Advanced	NSX Enterprise Plus	NSX for Remote Office Branch Office	NSX Distributed Firewall	NSX Distributed Firewall with Threat Prevention	NSX Distributed Firewall with Advanced Threat Prevention	NSX Firewall for Baremetal Servers	NSX Gateway Firewall	NSX Gateway Firewall with Threat Prevention	NSX Gateway Firewall with Advanced Threat Prevention
eBGP	Yes	Yes	Yes	No	No	No	No	No	Yes	Yes	Yes
eBGP Multihop	Yes	Yes	Yes	No	No	No	No	No	Yes	Yes	Yes
iBGP	Yes	Yes	Yes	No	No	No	No	No	Yes	Yes	Yes
Graceful Restart	Yes	Yes	Yes	No	No	No	No	No	Yes	Yes	Yes
4-byte ASN	Yes	Yes	Yes	No	No	No	No	No	Yes	Yes	Yes
BFD	Yes	Yes	Yes	No	No	No	No	No	Yes	Yes	Yes

Table 23. BGP - IPv6 Unicast
BGP - IPv6 Unicast	NSX Professional	NSX Advanced	NSX Enterprise Plus	NSX for Remote Office Branch Office	NSX Distributed Firewall	NSX Distributed Firewall with Threat Prevention	NSX Distributed Firewall with Advanced Threat Prevention	NSX Firewall for Baremetal Servers	NSX Gateway Firewall	NSX Gateway Firewall with Threat Prevention	NSX Gateway Firewall with Advanced Threat Prevention
eBGP	No	Yes	Yes	No	No	No	No	No	Yes	Yes	Yes
eBGP Multihop	No	Yes	Yes	No	No	No	No	No	Yes	Yes	Yes
iBGP	No	Yes	Yes	No	No	No	No	No	Yes	Yes	Yes
Graceful Restart	No	Yes	Yes	No	No	No	No	No	Yes	Yes	Yes
4-byte ASN	No	Yes	Yes	No	No	No	No	No	Yes	Yes	Yes
BFD	No	Yes	Yes	No	No	No	No	No	Yes	Yes	Yes

Table 24. Route Maps
Route Maps	NSX Professional	NSX Advanced	NSX Enterprise Plus	NSX for Remote Office Branch Office	NSX Distributed Firewall	NSX Distributed Firewall with Threat Prevention	NSX Distributed Firewall with Advanced Threat Prevention	NSX Firewall for Baremetal Servers	NSX Gateway Firewall	NSX Gateway Firewall with Threat Prevention	NSX Gateway Firewall with Advanced Threat Prevention
Match on Prefix-List and Community-List	Yes	Yes	Yes	No	No	No	No	No	Yes	Yes	Yes
Set Weight, MED, AS Path, Prepending, Local Preference, and Community	Yes	Yes	Yes	No	No	No	No	No	Yes	Yes	Yes

Table 25. Other
Other Routing	NSX Professional	NSX Advanced	NSX Enterprise Plus	NSX for Remote Office Branch Office	NSX Distributed Firewall	NSX Distributed Firewall with Threat Prevention	NSX Distributed Firewall with Advanced Threat Prevention	NSX Firewall for Baremetal Servers	NSX Gateway Firewall	NSX Gateway Firewall with Threat Prevention	NSX Gateway Firewall with Advanced Threat Prevention
High Availability Virtual IP (HA VIP)	Yes	Yes	Yes	No	No	No	No	No	Yes	Yes	Yes
Route Redistribution	Yes	Yes	Yes	No	No	No	No	No	Yes	Yes	Yes
IP Prefix-Lists	Yes	Yes	Yes	No	No	No	No	No	Yes	Yes	Yes
Per Interface RPF Check	Yes	Yes	Yes	No	No	No	No	No	Yes	Yes	Yes

Table 26. DNS, DHCP and IPAM (DDI)
DNS, DHCP and IPAM (DDI)	NSX Professional	NSX Advanced	NSX Enterprise Plus	NSX for Remote Office Branch Office	NSX Distributed Firewall	NSX Distributed Firewall with Threat Prevention	NSX Distributed Firewall with Advanced Threat Prevention	NSX Firewall for Baremetal Servers	NSX Gateway Firewall	NSX Gateway Firewall with Threat Prevention	NSX Gateway Firewall with Advanced Threat Prevention
IPAM	Yes	Yes	Yes	Yes	No	No	No	No	Yes	Yes	Yes
IP Blocks	Yes	Yes	Yes	Yes	No	No	No	No	Yes	Yes	Yes
IP Subnets	Yes	Yes	Yes	Yes	No	No	No	No	Yes	Yes	Yes
IP Pools	Yes	Yes	Yes	Yes	No	No	No	No	Yes	Yes	Yes
IPv4 DHCP Server	Yes	Yes	Yes	Yes	No	No	No	No	Yes	Yes	Yes
IPv6 DHCP Server	No	Yes	Yes	No	No	No	No	No	Yes	Yes	Yes
IPv4 DHCP Relay	Yes	Yes	Yes	Yes	No	No	No	No	Yes	Yes	Yes
IPv6 DHCP Relay	No	Yes	Yes	No	No	No	No	No	Yes	Yes	Yes
IPv4 DHCP Static Bindings / Fixed Addresses	Yes	Yes	Yes	Yes	No	No	No	No	Yes	Yes	Yes
IPv6 DHCP Static Bindings / Fixed Addresses	No	Yes	Yes	No	No	No	No	No	Yes	Yes	Yes
IPv4 DNS Relay / DNS Proxy	Yes	Yes	Yes	Yes	No	No	No	No	Yes	Yes	Yes

Table 27. Load Balancing6
Load Balancing	NSX Professional	NSX Advanced	NSX Enterprise Plus	NSX for Remote Office Branch Office	NSX Distributed Firewall	NSX Distributed Firewall with Threat Prevention	NSX Distributed Firewall with Advanced Threat Prevention	NSX Firewall for Baremetal Servers	NSX Gateway Firewall	NSX Gateway Firewall with Threat Prevention	NSX Gateway Firewall with Advanced Threat Prevention
Protocols
TCP (L4-L7)	No	Yes	Yes	Yes	No	No	No	No	No	No	No
UDP	No	Yes	Yes	Yes	No	No	No	No	No	No	No
HTTP	No	Yes	Yes	Yes	No	No	No	No	No	No	No
Load Balancing Methods
Round Robin	No	Yes	Yes	Yes	No	No	No	No	No	No	No
Source IP Hash	No	Yes	Yes	Yes	No	No	No	No	No	No	No
Least Connections	No	Yes	Yes	Yes	No	No	No	No	No	No	No
L7 Application Rules with RegEx Support	No	Yes	Yes	Yes	No	No	No	No	No	No	No
Heath Checks
TCP	No	Yes	Yes	Yes	No	No	No	No	No	No	No
ICMP	No	Yes	Yes	Yes	No	No	No	No	No	No	No
UDP	No	Yes	Yes	Yes	No	No	No	No	No	No	No
HTTP	No	Yes	Yes	Yes	No	No	No	No	No	No	No
HTTPS	No	Yes	Yes	Yes	No	No	No	No	No	No	No
Monitoring
View VIP / Pool / Server Objects	No	Yes	Yes	Yes	No	No	No	No	No	No	No
View VIP / Pool / Server Statistics	No	Yes	Yes	Yes	No	No	No	No	No	No	No
View Global Statistics VIP Sessions	No	Yes	Yes	Yes	No	No	No	No	No	No	No
Load Balancing Automation
Pool Members Based on vCenter Context or IP Addresses	No	Yes	Yes	Yes	No	No	No	No	No	No	No
Other
Connection Throttling	No	Yes	Yes	Yes	No	No	No	No	No	No	No
High-Availability	No	Yes	Yes	Yes	No	No	No	No	No	No	No

Table 28. Modern Apps
Modern Apps	NSX Professional	NSX Advanced	NSX Enterprise Plus	NSX for Remote Office Branch Office	NSX Distributed Firewall	NSX Distributed Firewall with Threat Prevention	NSX Distributed Firewall with Advanced Threat Prevention	NSX Firewall for Baremetal Servers	NSX Gateway Firewall	NSX Gateway Firewall with Threat Prevention	NSX Gateway Firewall with Advanced Threat Prevention
Container Networking and Security	No	Yes	Yes	No	No	No	No	No	No	No	No
VMware Container Networking with Project Antrea Enterprise	No	Yes	Yes	No	No	No	No	No	No	No	No
Distributed Load Balancing	No	Yes	Yes	No	No	No	No	No	No	No	No

Table 29. Automation
Automation	NSX Professional	NSX Advanced	NSX Enterprise Plus	NSX for Remote Office Branch Office	NSX Distributed Firewall	NSX Distributed Firewall with Threat Prevention	NSX Distributed Firewall with Advanced Threat Prevention	NSX Firewall for Baremetal Servers	NSX Gateway Firewall	NSX Gateway Firewall with Threat Prevention	NSX Gateway Firewall with Advanced Threat Prevention
REST API	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
Hierarchical Policy API	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
JSON Support	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
OpenAPI / Swagger Spec	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
Java SDK	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
Python SDK	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
Terraform Provider5	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
Ansible Modules5	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
Integration with Aria Automation1,5	Yes	Yes	Yes	No	Yes	Yes	Yes	Yes	Yes	Yes	Yes
Integration with vCloud Director1,5	Yes	Yes	Yes	No	Yes	Yes	Yes	Yes	Yes	Yes	Yes
Integration with VMware Integrated OpenStack1,5	Yes	Yes	Yes	No	Yes	Yes	Yes	Yes	Yes	Yes	Yes

Table 30. Multi-Tenancy
Multi-Tenancy	NSX Professional	NSX Advanced	NSX Enterprise Plus	NSX for Remote Office Branch Office	NSX Distributed Firewall	NSX Distributed Firewall with Threat Prevention	NSX Distributed Firewall with Advanced Threat Prevention	NSX Firewall for Baremetal Servers	NSX Gateway Firewall	NSX Gateway Firewall with Threat Prevention	NSX Gateway Firewall with Advanced Threat Prevention
Projects (User Defined)	1	1	Configuration Maximum	No	No	No	No	No	No	No	No
NSX VPCs	8	8	Configuration Maximum	No	No	No	No	No	No	No	No

Table 31. Platform
Platform	NSX Professional	NSX Advanced	NSX Enterprise Plus	NSX for Remote Office Branch Office	NSX Distributed Firewall	NSX Distributed Firewall with Threat Prevention	NSX Distributed Firewall with Advanced Threat Prevention	NSX Firewall for Baremetal Servers	NSX Gateway Firewall	NSX Gateway Firewall with Threat Prevention	NSX Gateway Firewall with Advanced Threat Prevention
ESXi Support	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No	No	No	No
Manager / Controller Clustering	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
vCenter Integration	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
Multi-vCenter^® Networking and Security	No	Yes	Yes	No	Yes	Yes	Yes	Yes	Yes	Yes	Yes
Federation	No	No	Yes	No	No	No	No	No	No	No	No
Edge in VM Form Factor	Yes	Yes	Yes	Yes	No	No	No	No	Yes	Yes	Yes
Edge in Bare-Metal Form Factor for Routing	Yes	Yes	Yes	No	No	No	No	No	Yes	Yes	Yes
Edge in Bare-Metal Form Factor for Gateway Firewall	No	No	No	No	No	No	No	No	Yes	Yes	Yes
DPDK Optimized Forwarding	Yes	Yes	Yes	Yes	No	No	No	No	Yes	Yes	Yes
Dual Stack (IPv4/IPv6) External Management	Yes	Yes	Yes	No	No	No	No	No	No	No	No

Table 32. Authentication and Authorization
Authentication and Authorization	NSX Professional	NSX Advanced	NSX Enterprise Plus	NSX for Remote Office Branch Office	NSX Distributed Firewall	NSX Distributed Firewall with Threat Prevention	NSX Distributed Firewall with Advanced Threat Prevention	NSX Firewall for Baremetal Servers	NSX Gateway Firewall	NSX Gateway Firewall with Threat Prevention	NSX Gateway Firewall with Advanced Threat Prevention
Authentication using Workspace ONE Access1,4	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
Direct Active Directory Integration via LDAP	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
Authentication via OpenLDAP	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
Session Based Authentication	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
Certificate Based Authentication (Principle Identity)	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
Role Based Access Control	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes

Table 33. Log Management
Log Management	NSX Professional	NSX Advanced	NSX Enterprise Plus	NSX for Remote Office Branch Office	NSX Distributed Firewall	NSX Distributed Firewall with Threat Prevention	NSX Distributed Firewall with Advanced Threat Prevention	NSX Firewall for Baremetal Servers	NSX Gateway Firewall	NSX Gateway Firewall with Threat Prevention	NSX Gateway Firewall with Advanced Threat Prevention
Aria Operations for Logs Integration (Plugin)2	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
Splunk Integration (Plugin)3	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes

Table 34. Installation
Installation	NSX Professional	NSX Advanced	NSX Enterprise Plus	NSX for Remote Office Branch Office	NSX Distributed Firewall	NSX Distributed Firewall with Threat Prevention	NSX Distributed Firewall with Advanced Threat Prevention	NSX Firewall for Baremetal Servers	NSX Gateway Firewall	NSX Gateway Firewall with Threat Prevention	NSX Gateway Firewall with Advanced Threat Prevention
Automated Manager Deployment	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
Manual Manager Deployment	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
Automated Edge Deployment	Yes	Yes	Yes	Yes	No	No	No	No	Yes	Yes	Yes
Manual Edge Deployment	Yes	Yes	Yes	Yes	No	No	No	No	Yes	Yes	Yes
Automated Host Preparation by Cluster	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No	No	No	No

Table 35. Operations
Operations	NSX Professional	NSX Advanced	NSX Enterprise Plus	NSX for Remote Office Branch Office	NSX Distributed Firewall	NSX Distributed Firewall with Threat Prevention	NSX Distributed Firewall with Advanced Threat Prevention	NSX Firewall for Baremetal Servers	NSX Gateway Firewall	NSX Gateway Firewall with Threat Prevention	NSX Gateway Firewall with Advanced Threat Prevention
Port Mirroring	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
Traceflow	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
NSX Live Traffic Analysis	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No	Yes	Yes	Yes
Tunnel Health Monitoring	Yes	Yes	Yes	No	No	No	No	Yes	Yes	Yes	Yes
Port Connectivity Tool	Yes	Yes	Yes	No	No	No	No	Yes	Yes	Yes	Yes
Switch Based IPFIX	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No	Yes	Yes	Yes
LLDP	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Linux Only	Yes	Yes	Yes
Automated Technical Support Bundles	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
Packet Capture	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
Backup and Restore	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
SNMP v1/v2/v3 with Traps	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
Time-Series Metrics	No	No	Yes	No	No	No	No	Yes	Yes	Yes	Yes

Table 36. Upgrade and Migration
Upgrade and Migration	NSX Professional	NSX Advanced	NSX Enterprise Plus	NSX for Remote Office Branch Office	NSX Distributed Firewall	NSX Distributed Firewall with Threat Prevention	NSX Distributed Firewall with Advanced Threat Prevention	NSX Firewall for Baremetal Servers	NSX Gateway Firewall	NSX Gateway Firewall with Threat Prevention	NSX Gateway Firewall with Advanced Threat Prevention
Upgrade Coordinator	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
NSX for vSphere to NSX-T Migration Coordinator	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
NSX Manager to Policy Promotion	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes

Table 37. Included Product Entitlement
Included Product Entitlement	NSX Professional	NSX Advanced	NSX Enterprise Plus	NSX for Remote Office Branch Office	NSX Distributed Firewall	NSX Distributed Firewall with Threat Prevention	NSX Distributed Firewall with Advanced Threat Prevention	NSX Firewall for Baremetal Servers	NSX Gateway Firewall	NSX Gateway Firewall with Threat Prevention	NSX Gateway Firewall with Advanced Threat Prevention
Aria Operations for Logs for NSX (SaaS)	No	No	No	No	No	No	No	No	No	No	No
Aria Operations for Logs for NSX (on-premises)	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
Aria Operations for Networks Advanced	No	No	Yes	No	No	No	No	No	No	No	No
Aria Operations for Networks Enterprise	No	No	No	No	No	No	No	No	No	No	No
HCX Advanced	No	No	Yes	No	No	No	No	No	No	No	No
HCX Enterprise	No	No	No	No	No	No	No	No	No	No	No
HCX+	No	No	No	No	No	No	No	No	No	No	No
Workspace One Access	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
NSX Advanced Load Balancer Enterprise	No	One (1) Service Unit per 250 NSX CPU Cores. Subscription per core only.	One (1) Service Unit per 250 NSX CPU Cores. Subscription per core only.	No	No	No	No	No	No	No	No
NSX+ Advanced Load Balancer Cloud Services	No	No	No	No	No	No	No	No	No	No	No

Table 38. NSX Intelligence
NSX Intelligence	NSX Professional	NSX Advanced	NSX Enterprise Plus	NSX for Remote Office Branch Office	NSX Distributed Firewall	NSX Distributed Firewall with Threat Prevention	NSX Distributed Firewall with Advanced Threat Prevention	NSX Firewall for Baremetal Servers	NSX Gateway Firewall	NSX Gateway Firewall with Threat Prevention	NSX Gateway Firewall with Advanced Threat Prevention
VM-to-VM Traffic Flow Analysis	No	No	Yes	No	Yes	Yes	Yes	No	No	No	No
Firewall Visibility	No	No	Yes	No	Yes	Yes	Yes	No	No	No	No
Automated Security Policy	No	No	Yes	No	Yes	Yes	Yes	No	No	No	No
Rule and Group Recommendation Analytics	No	No	Yes	No	Yes	Yes	Yes	No	No	No	No
Network Traffic Analytics	No	No	No	No	No	No	Yes	No	No	No	No

Footnotes

Please refer to the VMware Product Interoperability Matrices for specific versions supported with VMware NSX.
VMware Aria Operations for Logs for NSX provides intelligent log analytics for NSX. VMware Aria Operations for Logs version 3.3.2 and accepts NSX edition license keys issued for NSX 1.0.0 and later. This means you will have an enterprise-level VMware Aria Operations for Logs for NSX license for every license of NSX.
Please refer to the NSX partner website for specific versions.
VMware Workspace ONE Access - A license to use VMware NSX includes an entitlement to use the VMware Workspace ONE Access feature, but only for the following functionalities:
- Directory integration functionality of VMware Workspace ONE Access to authenticate users in a user directory such as Microsoft Active Directory or LDAP.
- Conditional access policy.
- Single-sign-on integration functionality with third party Identity providers to allow third party identity providers’ users to single-sign-on into NSX.
- Two-factor authentication solution through integration with third party systems. VMware Verify, VMware’s multi-factor authentication solution, received as part of VMware Workspace ONE Access may not be used as part of NSX.
- Single-sign-on functionality to access VMware products that support single-sign-on capabilities.
Integration with automation tools such as VMware Aria Automation, vCloud Director, VMware Integrated OpenStack, Ansible, and Terraform is available for all editions of NSX, however, you must have the appropriate NSX edition for the feature which is automated by these tools. For example automation of load balancing from Terraform or OpenStack requires NSX Advanced, Enterprise Plus, or ROBO.
Both IPv4 and IPv6 are supported for all load balancing features except for IPv6-VIP-to-IPv4-member and IPv4-VIP-to-IPv6-member translations. VMware recommends that customers using NSX load balancing features migrate to NSX Advanced Load Balancer Enterprise (Avi).
Requires VDS 7.0 or higher
Customers who have purchased vSphere Enterprise Plus are also entitled to use the Enhanced Datapath – Standard for DPUs feature. This feature requires the installation of the NSX Manager.