Multi-tenancy in VMware NSX

The why? VMware NSX provides the ability to configure multiple tenants using a single NSX Manager instance. This removes the requirement to deploy multiple NSX Managers in order to achieve isolation for different customers or different environments. This multi-tenancy helps in situations where there are multiple customers requiring networking and security resources … Continue reading Multi-tenancy in VMware NSX

Securing virtual machines using NSX Distributed Firewall and migrating traditional networks to NSX overlay networking

Why VMware NSX? VMware NSX is an L2 to L7 network virtualization and advanced security platform. NSX overlay networks, which are backed by the Geneve overlay protocol, provide software-defined networking capabilities. Overlay networking allows cloud-scale networking whereby multiple overlay networks (NSX overlay segments backed by an NSX overlay transport zone) belonging to multiple tenants can be … Continue reading Securing virtual machines using NSX Distributed Firewall and migrating traditional networks to NSX overlay networking
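The tenant separation described above is carried on the wire by the 24-bit VNI in the Geneve header (RFC 8926, UDP port 6081): every overlay segment gets its own VNI, so a frame can only ever be delivered into the segment its VNI names. The following parser is an added example, not VMware's or NSX's code; the VNI-to-tenant table and the sample packet are constructed for illustration and NSX's real segment/VNI allocation is not modelled.

```python
import struct

# RFC 8926 Geneve: 8-byte base header, then Opt Len * 4 bytes of TLV options, then the
# encapsulated frame. NSX carries each overlay segment's traffic in its own VNI, so the VNI
# is the field that keeps one tenant's frames apart from another's on the shared underlay.
GENEVE_UDP_PORT = 6081
PROTO_ETHERNET_BRIDGING = 0x6558   # inner payload is an Ethernet frame

# Constructed VNI-to-tenant table (assumption: NSX's real segment/VNI allocation is not modelled).
VNI_TABLE = {0x1234: "tenant-a", 0x1235: "tenant-b"}

# Constructed sample: version 0, Opt Len 1, C bit set, one zero-length critical option
# (option class 0x0104 is made up), VNI 0x1234, followed by a 14-byte placeholder payload.
SAMPLE_PACKET = bytes([0x01, 0x40, 0x65, 0x58, 0x00, 0x12, 0x34, 0x00,
                       0x01, 0x04, 0x80, 0x00]) + b"\x00" * 14


def parse_geneve(packet: bytes) -> dict:
    """Parse a Geneve header; raise ValueError on anything malformed so the caller drops
    the packet instead of acting on a partially parsed one."""
    if len(packet) < 8:
        raise ValueError("truncated Geneve base header")
    b0, b1, proto, last_word = struct.unpack("!BBHI", packet[:8])
    version = b0 >> 6
    opt_words = b0 & 0x3F            # option length in 4-byte words
    oam = bool(b1 & 0x80)            # O: OAM/control packet, not data
    critical = bool(b1 & 0x40)       # C: at least one critical option follows
    vni = last_word >> 8             # upper 24 bits; low 8 bits are reserved
    if version != 0:
        raise ValueError(f"unsupported Geneve version {version}")
    opt_end = 8 + opt_words * 4
    if len(packet) < opt_end:
        raise ValueError("Opt Len runs past end of packet")

    options, saw_critical, off = [], False, 8
    while off < opt_end:
        opt_class, opt_type, rlen = struct.unpack("!HBB", packet[off:off + 4])
        data_len = (rlen & 0x1F) * 4
        if off + 4 + data_len > opt_end:
            raise ValueError("option data runs past Opt Len")
        is_crit = bool(opt_type & 0x80)   # high bit of Type marks a critical option
        saw_critical |= is_crit
        options.append({"class": opt_class, "type": opt_type & 0x7F, "critical": is_crit,
                        "data": packet[off + 4:off + 4 + data_len]})
        off += 4 + data_len
    # A receiver that cannot process a critical option must drop the packet; here we at
    # least refuse headers whose C bit disagrees with the options actually present.
    if saw_critical != critical:
        raise ValueError("C bit does not match the options' critical flags")
    return {"version": version, "oam": oam, "critical": critical, "protocol": proto,
            "vni": vni, "options": options, "payload": packet[opt_end:]}


def tenant_for_vni(vni: int, table=VNI_TABLE):
    """Owner of a VNI, or None for a VNI no tenant segment was ever assigned (drop it)."""
    return table.get(vni)
```

A transport node that decapsulates Geneve should treat a VNI that maps to no segment exactly like a bad header: drop it, never guess a tenant. The parser refuses truncated headers and a C bit that disagrees with the option list for the same reason.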

VMware NSX for Identity Firewall Use Case

Identity firewall

Identity Firewall (IDFW) enables one to configure distributed firewall rules based on Active Directory user groups. Identity firewall can be used for virtual desktops, Remote Desktop Session Hosts (RDSH) and also for physical machines. VMware NSX controls access to the target/destination servers based on the user logged in to the source VM. In … Continue reading VMware NSX for Identity Firewall Use Case

VMware NSX Distributed Firewall

Technical references: NSX-T Reference Design Guide; VMware NSX-T Administration Guide.

VMware NSX Distributed Firewall is a software-defined, Layer 7 stateful firewall that provides protection at the vNIC level of a virtual machine. Layer 7 Application ID, FQDN filtering and identity-based firewalling are important capabilities of the NSX Distributed Firewall. A very popular use case of NSX Distributed … Continue reading VMware NSX Distributed Firewall

Palo Alto service insertion for Cross Vcenter NSX-V

Palo Alto service insertion for Cross Vcenter NSX-V

References:
- Multi-site with Cross-VC NSX and Palo Alto Networks Security: https://blogs.vmware.com/networkvirtualization/2016/09/multi-site-cross-vc-nsx-palo-alto-networks-security.html/
- Cross vCenter NSX design guide: https://blogs.vmware.com/networkvirtualization/2016/07/nsx-v-multi-site-options-cross-vc-nsx-design-guide.html/

Palo Alto service insertion in a single vCenter hosted in a single DC

A brief note on the Software Defined Data Center topology above:
- A single vCenter.
- A single NSX Manager.
- … Continue reading Palo Alto service insertion for Cross Vcenter NSX-V

Troubleshooting Distributed Firewall in NSX-V – How to check firewall rules for a VM

Troubleshooting Distributed Firewall in NSX-V

Reference: https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.4/com.vmware.nsx.troubleshooting.doc/GUID-20234847-3E7A-4FE8-AEE1-31FFB3652481.html

In my earlier post on microsegmentation, we referenced the topology below and placed the workloads for the different tiers (Web, App and DB) on the same NSX Logical Switch. With NSX microsegmentation, the firewall is applied at the vNIC level of each virtual machine.

Topology

The firewall rules below … Continue reading Troubleshooting Distributed Firewall in NSX-V – How to check firewall rules for a VM

VMware NSX Microsegmentation – Securing Collapsed Architectures

VMware NSX Microsegmentation - Securing Collapsed Architectures

As depicted in the topology above, the NSX-V Distributed Firewall feature is enabled and, as shown in the figure, the firewall is effectively applied at each vNIC of each virtual machine. In this topology:
- BGP is used as the routing protocol
- iBGP is used within NSX
- eBGP is used between NSX edges and the physical … Continue reading VMware NSX Microsegmentation – Securing Collapsed Architectures
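What makes a collapsed architecture safe is that the Distributed Firewall evaluates its rule table at the source vNIC on egress and again at the destination vNIC on ingress, top-down, first match wins, so two VMs on the same logical switch still cannot talk unless a rule on both vNICs allows it. The model below is an added example and not VMware's code or the NSX rule engine: it reproduces that evaluation order over a constructed three-tier inventory and rule set (all addresses, tiers and rule IDs are made up), and `rules_for_vnic` is the per-vNIC rule listing you would otherwise read from a host with `vsipioctl getfilters` and `vsipioctl getrules -f <filter>` (the post above on checking firewall rules for a VM). Layer 7 matching and connection state are not modelled; this is first-packet evaluation only.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed inventory: three tiers on ONE logical switch (10.10.10.0/24), i.e. the
# "collapsed" topology. Tier membership is what NSX would derive from security tags.
VMS = {
    "web-01": ("10.10.10.11", "web"),
    "app-01": ("10.10.10.21", "app"),
    "db-01":  ("10.10.10.31", "db"),
}


@dataclass(frozen=True)
class Rule:
    rule_id: int
    src: str                 # "any" or a tier / security-group name
    dst: str
    proto: str               # "tcp", "udp" or "any"
    port: Optional[int]      # destination port, None for any
    action: str              # "allow" or "drop"
    applied_to: tuple        # tiers whose vNICs receive this rule; ("all",) = every vNIC


# Constructed rule set (rule IDs made up), evaluated top-down, first match wins.
RULES = [
    Rule(1001, "any", "web", "tcp", 443,  "allow", ("web",)),
    Rule(1002, "web", "app", "tcp", 8080, "allow", ("web", "app")),
    Rule(1003, "app", "db",  "tcp", 3306, "allow", ("app", "db")),
    Rule(1004, "any", "any", "any", None, "drop",  ("all",)),   # default deny
]


def vm_by_ip(ip):
    for name, (vm_ip, _) in VMS.items():
        if vm_ip == ip:
            return name
    return None   # not a protected vNIC, e.g. a physical host or the internet


def in_group(ip, group):
    if group == "any":
        return True
    vm = vm_by_ip(ip)
    return vm is not None and VMS[vm][1] == group


def rules_for_vnic(vm):
    """Rules programmed on this VM's vNIC filter, in evaluation order."""
    tier = VMS[vm][1]
    return [r for r in RULES if "all" in r.applied_to or tier in r.applied_to]


def first_match(rules, src_ip, dst_ip, proto, port):
    for r in rules:
        if (in_group(src_ip, r.src) and in_group(dst_ip, r.dst)
                and r.proto in ("any", proto)
                and r.port in (None, port)):
            return r
    raise RuntimeError("no rule matched; the rule set must end with a default rule")


def evaluate(src_ip, dst_ip, proto, port):
    """Verdict for a new flow plus the (vm, direction, rule_id, action) trace. The flow is
    checked at the source vNIC (out) and the destination vNIC (in); a drop at either ends it,
    and an endpoint that is not a protected vNIC is simply skipped."""
    trace = []
    for vm, direction in ((vm_by_ip(src_ip), "out"), (vm_by_ip(dst_ip), "in")):
        if vm is None:
            continue
        r = first_match(rules_for_vnic(vm), src_ip, dst_ip, proto, port)
        trace.append((vm, direction, r.rule_id, r.action))
        if r.action == "drop":
            return "drop", trace
    return "allow", trace


if __name__ == "__main__":
    print([r.rule_id for r in rules_for_vnic("web-01")])
    print(evaluate("10.10.10.11", "10.10.10.21", "tcp", 8080))   # web -> app, allowed
    print(evaluate("10.10.10.11", "10.10.10.31", "tcp", 3306))   # web -> db, dropped at web-01
```

The web-to-DB flow is dropped at the web VM's own vNIC before it ever reaches the wire, even though both VMs share a subnet and no router is in the path. That is the property the collapsed design relies on, and it is also why checking the rules on a specific vNIC (rather than a global list) is the right first troubleshooting step.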

VMWare NSX Distributed Firewall

We covered VXLAN and VXLAN traffic flow earlier. Every solution has three main components: management, control and data plane. NSX Manager is the management component of the VMware NSX solution. We now look at the data plane components of NSX. The data plane of NSX has:
- Logical Switch
- … Continue reading VMWare NSX Distributed Firewall

QoS on Palo Alto Firewall

Quality of Service on Palo Alto Firewall

Reference: https://www.paloaltonetworks.com/documentation/70/pan-os/pan-os/quality-of-service/configure-qos

1. The process of classification

Anyone with prior experience of the Modular QoS CLI (MQC) on Cisco IOS will know that you first classify the traffic that needs to be prioritized over other types of traffic. Similar logic applies when configuring QoS on a Palo Alto firewall. … Continue reading QoS on Palo Alto Firewall

DNS Sinkhole feature on Palo Alto Firewall

DNS Sinkhole feature on Palo Alto Firewalls

References:
- https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/framemaker/60/pan-os/NewFeaturesGuide/section_3.pdf
- https://www.sans.org/reading-room/whitepapers/dns/dns-sinkhole-33523

Why use a DNS sinkhole? Picture this: you have infected hosts on your network that are connecting to malicious websites and portals. DNS resolution and DNS queries play a vital role in such communication. When there is a … Continue reading DNS Sinkhole feature on Palo Alto Firewall
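The operational payoff of a sinkhole is in the logs: the firewall answers a query for a known-bad domain with the sinkhole address instead of the real one, but because that query normally arrives from the internal resolver, the DNS event alone names the resolver, not the infected client. The client reveals itself a moment later when it tries to connect to the sinkhole address, which nothing legitimate ever does. The script below is an added example, not Palo Alto Networks' code or log format: it runs that identification over a constructed, simplified CSV (the real PAN-OS threat and traffic logs have different fields), with the sinkhole address assumed to be 192.0.2.250.

```python
import csv
from collections import defaultdict
from io import StringIO

# Assumption: the address the firewall hands back in forged answers for malicious domains.
SINKHOLE_IP = "192.0.2.250"

# Constructed, simplified CSV (not the PAN-OS log format). The sinkholed DNS query (kind=threat)
# is sourced by the internal resolver 10.0.0.53, so it never names the infected client; only
# the client's follow-on connection attempt to the sinkhole address (kind=traffic) does.
SAMPLE_LOG = """\
time,kind,src,dst,dport,detail
09:58:01,threat,10.0.0.53,198.51.100.53,53,sinkhole:bad-c2.example
09:58:02,traffic,10.0.1.17,192.0.2.250,443,
09:58:05,traffic,10.0.1.17,203.0.113.10,443,
10:00:07,threat,10.0.0.53,198.51.100.53,53,sinkhole:update-check.example
10:00:08,traffic,10.0.1.42,192.0.2.250,80,
10:00:09,traffic,10.0.1.17,192.0.2.250,8080,
10:00:30,traffic,10.0.1.99,203.0.113.10,443,
"""


def parse_log(text):
    return list(csv.DictReader(StringIO(text)))


def _secs(hhmmss):
    h, m, s = (int(x) for x in hhmmss.split(":"))
    return h * 3600 + m * 60 + s


def sinkholed_domains(records):
    """Domains the firewall answered with the sinkhole address."""
    return sorted({r["detail"].split(":", 1)[1] for r in records
                   if r["kind"] == "threat" and r["detail"].startswith("sinkhole:")})


def infected_hosts(records, sinkhole_ip=SINKHOLE_IP):
    """client IP -> [(time, dport), ...] for every connection attempt to the sinkhole.
    Nothing legitimate should ever talk to that address, so each entry is a host that
    resolved a sinkholed domain and then tried to reach it."""
    hits = defaultdict(list)
    for r in records:
        if r["kind"] == "traffic" and r["dst"] == sinkhole_ip:
            hits[r["src"]].append((r["time"], int(r["dport"])))
    return dict(hits)


def correlate(records, sinkhole_ip=SINKHOLE_IP, window_s=30):
    """client IP -> sorted domains whose sinkholed answer preceded the client's sinkhole hit
    by at most window_s seconds. The resolver hides which client asked, so this pairing is
    by time proximity only: a lead for triage, not proof. 'unknown' marks hits with no
    sinkhole answer inside the window."""
    answers = []          # (seconds, domain), in log order
    leads = defaultdict(set)
    for r in records:
        if r["kind"] == "threat" and r["detail"].startswith("sinkhole:"):
            answers.append((_secs(r["time"]), r["detail"].split(":", 1)[1]))
        elif r["kind"] == "traffic" and r["dst"] == sinkhole_ip:
            t = _secs(r["time"])
            near = {d for ts, d in answers if 0 <= t - ts <= window_s}
            leads[r["src"]].update(near or {"unknown"})
    return {host: sorted(doms) for host, doms in leads.items()}


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print(infected_hosts(recs))
    print(correlate(recs))
```

Two practical consequences follow from the sample: the host 10.0.1.99, which only talks to a normal destination, never appears, and the sinkhole address must be one that is routed (or at least not dropped before the firewall sees the flow), otherwise the client's connection attempt is never logged and the whole detection step is lost.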