The vShield-Stateful-Firewall service daemon runs constantly on the ESXi host and performs multiple tasks:
- Interacts with the NSX Manager to retrieve DFW policy rules
- Gathers DFW statistics information and sends it to the NSX Manager
- Sends audit log information to the NSX Manager
- Receives configurations from the NSX Manager to create/delete the DLR Control VM and to create/delete the ESG
- Handles parts of the host preparation process, including SSL-related tasks from the NSX Manager

The distributed firewall supports security rules at the Layer 2 and Layer 3 levels. Layer 2 rules are meant for actions that happen at Layer 2 (such as ARP), whereas Layer 3 policies define rules to manage traditional traffic between virtual machines.