A significant number of network breaches originate in branch offices. Branch offices are vulnerable to a variety of attack vectors, including sophisticated phishing campaigns, lax physical security, and insider threats from disgruntled or careless users. These threats can be used to gain access to the network. With proper defenses, the damage from these attacks can be limited to the branch office and prevented from spreading to more sensitive areas of the network, such as the data center. VMware Enhanced Firewall Services (EFS) are natively integrated security services in the VMware SD-WAN Edge that can help protect branch offices from attacks.

Purpose

This design guide outlines how an organization can use the EFS feature set to enhance its security footprint. The topic areas covered in this design guide include:
  • Identified use cases
  • Architecture
  • Design considerations
  • Traffic patterns
  • Security best practices
  • Deployment strategy
The guide provides detailed information on each topic, as well as recommendations for how to implement EFS in a secure manner.

Target Audience

This design guide is intended for all network and security architects, engineers, and administrators who design, deploy, or maintain a VMware SASE™ solution.