Distributed firewall

The vShield-Stateful-Firewall service daemon runs constantly on the ESXi host and performs multiple tasks:

  • Interacts with the NSX Manager to retrieve DFW policy rules
  • Gathers DFW statistics information and sends it to the NSX Manager
  • Sends audit log information to the NSX Manager
  • Receives configurations from the NSX Manager to create/delete the DLR Control VM and to create/delete the ESG
  • Performs parts of the host preparation process, including SSL-related tasks from NSX Manager

The distributed firewall supports security rules at the Layer 2 and Layer 3 levels. Layer 2 rules are meant for actions that happen at Layer 2 (such as ARP), whereas Layer 3 policies define rules to manage traditional traffic between virtual machines.

Distributed ...
