The following tables outline specific functions available by edition. VMware NSX is available as a single download image with license keys required to enable specific functionality.

Table 1. Distributed Security

Distributed Security

NSX Networking for VMware Cloud Foundation

VMware Firewall

VMware Firewall with Advanced Threat Prevention

Distributed Firewall for NSX Switch Ports

No

Yes

Yes

Distributed Firewall for VDS Switch Ports

No

Yes

Yes

Stateful L2 and L3 Rules

No

Yes

Yes

Stateless L2 and L3 Rules

No

Yes

Yes

Distributed FQDN Filtering

No

Yes

Yes

Basic L7 Application Identification Rules

No

Yes

Yes

Advanced L7 Application Identification Rules

No

Yes

Yes

Malicious IP Filtering

No

Yes

Yes

Distributed Flood Protection

No

Yes

Yes

Agent-Based Enforcement for Physical Servers

No

Yes

Yes

Stateful L2 and L3 Rules with DPU Support

No

Yes

Yes

Stateless L2 and L3 Rules with DPU Support

No

Yes

Yes

Table 2. Distributed User Identity Firewall

Distributed User Identity Firewall

NSX Networking for VMware Cloud Foundation

VMware Firewall

VMware Firewall with Advanced Threat Prevention

Distributed Identity Firewall using Guest Introspection

No

Yes

Yes

Distributed Identity Firewall using Active Directory Event Server

No

Yes

Yes

Distributed Identity Firewall using third-party log sources

No

Yes

Yes

Table 3. Distributed Threat Prevention

Distributed Threat Prevention

NSX Networking for VMware Cloud Foundation

VMware Firewall

VMware Firewall with Advanced Threat Prevention

Distributed Intrusion Detection Service (IDS)

No

No

Yes

Distributed Behavioral IDS

No

No

Yes

Distributed Intrusion Prevention Service (IPS)

No

No

Yes

Table 4. Distributed Advanced Threat Prevention

Distributed Advanced Threat Prevention

NSX Networking for VMware Cloud Foundation

VMware Firewall

VMware Firewall with Advanced Threat Prevention

Distributed Malware Detection and Prevention

No

No

Yes

Cloud Sandboxing and Artifact Analysis

No

No

Yes

Network Detection and Response (NDR)

No

No

Yes

Table 5. Service Insertion Integrations

Distributed Service Insertion Integrations

NSX Networking for VMware Cloud Foundation

VMware Firewall

VMware Firewall with Advanced Threat Prevention

Distributed Endpoint Protection

No

No

No

Distributed Network Introspection for Packet Copy

Yes

No

No

Distributed Network Introspection for Security (see footnote 7)

No

No

No

Table 6. Policy, Tagging and Grouping

Policy, Tagging and Grouping

NSX Networking for VMware Cloud Foundation

VMware Firewall

VMware Firewall with Advanced Threat Prevention

Object Tagging / Security Tags

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

Network Centric Grouping

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

Workload Centric Grouping

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

IP Based Groups

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

MAC Based Groups

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

Tag Based Rules

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

Table 7. Firewall Operations

Firewall Operations

NSX Networking for VMware Cloud Foundation

VMware Firewall

VMware Firewall with Advanced Threat Prevention

Firewall Logging

Yes (Stateless Gateway Firewall)

Yes

Yes

Distributed Firewall based IPFIX

No

Yes

Yes

Rule Hit Count, Popularity Index, Flow Statistics

Yes (Stateless Gateway Firewall

Yes

Yes

Firewall Drafts

No

Yes

Yes

Table 8. Gateway Security

Gateway Security

NSX Networking for VMware Cloud Foundation

VMware Firewall

VMware Firewall with Advanced Threat Prevention

Stateful L3 Rules

No

Yes

Yes

Stateless L3 Rules

Yes

Yes

Yes

Basic L7 Application Identification Rules

No

Yes

Yes

Advanced L7 Application Identification Rules

No

Yes

Yes

URL Filtering

No

Yes

Yes

Gateway Flood Protection

No

Yes

Yes

Edge Bridge Firewall

No

Yes

Yes

Table 9. Gateway User Identity Firewall

Gateway User Identity Firewall

NSX Networking for VMware Cloud Foundation

VMware Firewall

VMware Firewall with Advanced Threat Prevention

Gateway Identity Firewall using Active Directory Event Server

No

Yes

Yes

Gateway Identity Firewall using third-party log sources

No

Yes

Yes

Table 10. Gateway Threat Prevention

Gateway Threat Prevention

NSX Networking for VMware Cloud Foundation

VMware Firewall

VMware Firewall with Advanced Threat Prevention

Gateway TLS Inspection

No

Yes

Yes

Gateway Intrusion Detection Service (IDS)

No

No

Yes

Gateway Intrusion Prevention Service (IPS)

No

No

Yes

Table 11. Gateway Advanced Threat Prevention

Gateway Advanced Threat Prevention

NSX Networking for VMware Cloud Foundation

VMware Firewall

VMware Firewall with Advanced Threat Prevention

Malware Detection

No

No

Yes

Cloud Sandboxing and Artifact Analysis

No

No

Yes

Malware / File Event Forwarding to NDR

No

No

Yes

Table 12. Gateway Service Insertion Integrations

Gateway Service Insertion Integrations

NSX Networking for VMware Cloud Foundation

VMware Firewall

VMware Firewall with Advanced Threat Prevention

Gateway Network Introspection for Security (see footnote 7)

No

No

No

Table 13. Gateway Firewall High Availability

Gateway Firewall High Availability

NSX Networking for VMware Cloud Foundation

VMware Firewall

VMware Firewall with Advanced Threat Prevention

Active/Standby Gateway Network Services

Yes

No

No

Active/Standby Gateway Firewall Services

Yes (Stateless Gateway Firewall)

Yes

Yes

Active/Active Gateway Network Services (e.g. NAT, VPN)

Yes

No

No

Active/Active Gateway Firewall Services (e.g. Firewall, IDS/IPS, Malware Detection)

No

Yes

Yes

Table 14. Switching

Switching

NSX Networking for VMware Cloud Foundation

VMware Firewall

VMware Firewall with Advanced Threat Prevention

vSphere Distributed Switch

Provided by vSphere

Provided by vSphere

Provided by vSphere

VLAN Backed Logical Switching

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

Overlay Backed Logical Switching

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

Spoofguard

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

L2 and L3 Multicast

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

Enhanced Datapath

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

Enhanced Datapath for DPUs

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

Table 15. Routing

Routing

NSX Networking for VMware Cloud Foundation

VMware Firewall

VMware Firewall with Advanced Threat Prevention

Distributed Routing

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

IPv4 and IPv6 Static Routing

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

IPv4 and IPv6 BFD

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

IPv4 and IPv6 BGP

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

ECMP

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

Virtual Routing and Forwarding (Tier-0 Gateway VRFs)

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

EVPN

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

OSPF v2

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

Table 16. Networking Services

Networking Services

NSX Networking for VMware Cloud Foundation

VMware Firewall

VMware Firewall with Advanced Threat Prevention

NAT

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

L2 VPN

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

IPv4 and IPv6 L3 VPN

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

Quality of Service (QoS)

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

Edge Bridge for Networking

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

NSX Load Balancer(see footnote 6)

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

Table 17. DNS, DHCP and IPAM (DDI)

DNS, DHCP and IPAM (DDI)

NSX Networking for VMware Cloud Foundation

VMware Firewall

VMware Firewall with Advanced Threat Prevention

IPAM - Blocks, Subnets, and Pools

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

IPv4 and IPv6 DHCP Server

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

IPv4 and IPv6 DHCP Relay

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

IPv4 DNS Relay / DNS Proxy

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

Table 18. Modern Apps

Modern Apps

NSX Networking for VMware Cloud Foundation

VMware Firewall

VMware Firewall with Advanced Threat Prevention

Container Networking with Kubernetes Network Policies

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

Container Security with Antrea Network Policies

No

Yes

Yes

Container Security with IDS

No

No

Yes (Tech Preview)

Distributed Load Balancing

Yes

No

No

Table 19. Automation

Automation

NSX Networking for VMware Cloud Foundation

VMware Firewall

VMware Firewall with Advanced Threat Prevention

REST API

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

OpenAPI Spec and SDKs (Python and Java)

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

Automation Tools (Ansible and Terraform) (see footnote 5)

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

Table 20. Multi-Tenancy

Multi-Tenancy

NSX Networking for VMware Cloud Foundation

VMware Firewall

VMware Firewall with Advanced Threat Prevention

Projects (User Defined) for Networking

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

Projects (User Defined) for Security

No

Yes

Yes

NSX VPCs for Networking

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

NSX VPCs for Security

No

Yes

Yes

Table 21. Platform

Platform

NSX Networking for VMware Cloud Foundation

VMware Firewall

VMware Firewall with Advanced Threat Prevention

Manager / Controller Clustering

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

vCenter Integration

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

Multi-vCenter® Networking and Security

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

Federation

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

Edge in VM Form Factor

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

Edge in Bare-Metal Form Factor for Routing

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

Edge in Bare-Metal Form Factor for Gateway Firewall

Yes (Stateless Gateway Firewall)

Yes

Yes

DPDK Optimized Forwarding

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

Dual Stack (IPv4/IPv6) External Management

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

Table 22. Authentication and Authorization

Authentication and Authorization

NSX Networking for VMware Cloud Foundation

VMware Firewall

VMware Firewall with Advanced Threat Prevention

Authentication using Workspace ONE Access (see footnotes 1 and 4)

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

Direct Active Directory Integration via LDAP

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

Authentication via OpenLDAP

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

Session Based Authentication

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

Certificate Based Authentication (Principle Identity)

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

Role Based Access Control

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

Table 23. Log Management

Log Management

NSX Networking for VMware Cloud Foundation

VMware Firewall

VMware Firewall with Advanced Threat Prevention

Aria Operations for Logs Integration (Plugin) (see footnote 2)

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

Splunk Integration (Plugin) (see footnote 3)

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

Table 24. Installation

Installation

NSX Networking for VMware Cloud Foundation

VMware Firewall

VMware Firewall with Advanced Threat Prevention

Automated Manager Deployment

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

Manual Manager Deployment

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

Automated Edge Deployment

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

Manual Edge Deployment

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

Automated Host Preparation by Cluster

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

Table 25. Operations

Operations

NSX Networking for VMware Cloud Foundation

VMware Firewall

VMware Firewall with Advanced Threat Prevention

Port Mirroring

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

Traceflow

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

NSX Live Traffic Analysis

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

Tunnel Health Monitoring

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

Port Connectivity Tool

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

Switch Based IPFIX

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

LLDP

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

Automated Technical Support Bundles

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

Packet Capture

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

Backup and Restore

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

SNMP v1/v2/v3 with Traps

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

Time-Series Metrics for Networking

Yes

No

No

Time-Series Metrics for Security

No

Yes

Yes

Table 26. Upgrade and Migration

Upgrade and Migration

NSX Networking for VMware Cloud Foundation

VMware Firewall

VMware Firewall with Advanced Threat Prevention

Upgrade Coordinator

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

NSX for vSphere to NSX-T Migration Coordinator

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

NSX Manager to Policy Promotion

Yes

Provided by NSX Networking for VCF

Provided by NSX Networking for VCF

Table 27. Included Product Entitlement

Included Product Entitlement

NSX Networking for VMware Cloud Foundation

VMware Firewall

VMware Firewall with Advanced Threat Prevention

Aria Operations for Logs for NSX (SaaS)

See the VMware Cloud Foundation Datasheet

No

No

Aria Operations for Logs for NSX (on-premises)

See the VMware Cloud Foundation Datasheet

No

No

Aria Operations for Networks Advanced

See the VMware Cloud Foundation Datasheet

No

No

Aria Operations for Networks Enterprise

See the VMware Cloud Foundation Datasheet

No

No

HCX Advanced

See the VMware Cloud Foundation Datasheet

No

No

HCX Enterprise

See the VMware Cloud Foundation Datasheet

No

No

HCX+

See the VMware Cloud Foundation Datasheet

No

No

Workspace One Access

See the VMware Cloud Foundation Datasheet

No

No

Avi Load Balancer

No

No

No

Avi Load Balancer with Cloud Services

No

No

No

Table 28. VMware Security Intelligence

VMware Security Intelligence

NSX Networking for VMware Cloud Foundation

VMware Firewall

VMware Firewall with Advanced Threat Prevention

VM-to-VM Traffic Flow Analysis

No

Yes

Yes

Firewall Visibility

No

Yes

Yes

Automated Security Policy

No

Yes

Yes

Rule and Group Recommendation Analytics

No

Yes

Yes

Network Traffic Analytics

No

No

Yes

Footnotes

  1. Please refer to the Product Interoperability Matrices for specific versions supported with NSX.

  2. VMware Aria Operations for Logs is not included in these editions. However, it may be included in the VMware Cloud Foundation suite.

  3. Please refer to the NSX partner website for specific versions.

  4. VMware Workspace ONE Access is not included in these editions. However, it may be included in the VMware Cloud Foundation suite.

  5. Integration with automation tools such as VMware Aria Automation, vCloud Director, Ansible, and Terraform is available for all editions of NSX, however, you must have the appropriate NSX edition for the feature which is automated by these tools.

  6. It is recommended that all customers who need load balancing features purchase Avi Load Balancer. Support for the built-in NSX load balancer for customers using NSX 4.x will remain for the duration of the NSX 4.x release series. VMware does not intend to provide support for the built-in NSX load balancer beyond the last NSX 4.x release.

  7. It is recommended that all customers who use Distributed or Gateway Network Introspection for Firewall/IDS-IPS functionality purchase VMware Firewall with Advanced Threat Prevention. Only existing customers with existing deployments using Network Introspection for Security in NSX 4.x will be supported for the remaining duration of the NSX 4.x release series including customers replacing older licenses with newer licenses. VMware does not intend to provide support for Network Introspection for Security Vendors after the last NSX 4.x release.