VMware NSX 6.4 started addressing some firewall challenges by adding features such as the context-aware firewall, which enhances visibility at the application level and helps to overcome the problem of application permeability. Visibility at the application layer helps you monitor workloads better from a resource, compliance, and security point of view. The context-aware firewall identifies applications and enforces micro-segmentation for east-west traffic, independent of the port that the application uses. Context-aware (application-based) firewall rules are built by defining Layer 7 service objects. Once the Layer 7 service objects are defined, you can write rules that combine a specific protocol, ports, and the application definition.
This demonstration covers the Application and Protocol Identification feature, which enables port-independent identification and enforcement for key datacenter applications and protocols. It enhances visibility into application flows and reduces the attack surface by allowing only select applications and blocking vulnerable versions of applications.
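The difference between port-based and port-independent enforcement described above can be seen in a small rule evaluator. This is an added illustration, not NSX code or the NSX API: the `Flow` and `Rule` classes, the rule names, the application labels (`TLS`, `SSH`) and the sample flows are all constructed for the example, and the model assumes the application has already been identified from the traffic.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Flow:                       # hypothetical: a flow after application identification
    proto: str
    dport: int
    app: str                      # application identified from the payload, not the port
    version: Optional[str] = None

@dataclass(frozen=True)
class Rule:                       # hypothetical rule model; None means "match anything"
    name: str
    action: str                   # "allow" or "block"
    app: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None
    versions: Optional[tuple] = None

    def matches(self, f: Flow) -> bool:
        return ((self.app is None or self.app == f.app)
                and (self.proto is None or self.proto == f.proto)
                and (self.dport is None or self.dport == f.dport)
                and (self.versions is None or f.version in self.versions))

def evaluate(rules, flow, default="block"):
    """First matching rule wins; unmatched flows get the default action."""
    for r in rules:
        if r.matches(flow):
            return r.action
    return default

PORT_ONLY = [Rule("allow-tcp-443", "allow", proto="TCP", dport=443)]
CONTEXT_AWARE = [
    Rule("block-old-tls", "block", app="TLS", versions=("1.0", "1.1")),
    Rule("allow-tls", "allow", app="TLS"),                 # any port
    Rule("allow-ssh-22", "allow", app="SSH", proto="TCP", dport=22),
]

# Constructed sample flows between two workloads in the same segment.
FLOWS = {
    "tls12-on-443": Flow("TCP", 443, "TLS", "1.2"),
    "ssh-on-443": Flow("TCP", 443, "SSH"),          # other application on the web port
    "tls12-on-8443": Flow("TCP", 8443, "TLS", "1.2"),  # same application, other port
    "tls10-on-443": Flow("TCP", 443, "TLS", "1.0"),    # outdated protocol version
}

def compare():
    return {n: (evaluate(PORT_ONLY, f), evaluate(CONTEXT_AWARE, f)) for n, f in FLOWS.items()}
```

In `compare()`, each flow maps to a pair of verdicts: the port-only rule set first, the application-based rule set second.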