Distributed firewall

The vShield-Stateful-Firewall service daemon runs constantly on the ESXi host and performs multiple tasks:

  • Interacts with the NSX Manager to retrieve DFW policy rules
  • Gathers DFW statistics information and sends it to the NSX Manager
  • Sends audit log information to the NSX Manager
  • Receives configurations from the NSX Manager to create/delete the DLR Control VM and to create/delete the ESG
  • Handles parts of the host preparation process, including SSL-related tasks from NSX Manager

The distributed firewall supports security rules at the Layer 2 and Layer 3 levels. Layer 2 rules are meant for actions that happen at Layer 2 (such as ARP), whereas Layer 3 policies define rules to manage traditional traffic between virtual machines.

Distributed ...
