VMware Cloud Expert

Lab 6 - L7 Security – L7 FW, FQDN filtering & IDPS

Lab 6 and 7 Lecture Material

Task 1

Enable the NSX Advanced Firewall Add-on

Before any of these features can be used, you must first enable the add-on on your SDDC. In this task, we’ll walk through the steps of enabling the NSX Advanced Firewall functionality on your SDDC.

Task 2

Configure a Context-Aware Firewall Rule

An NSX Context-Aware Firewall Rule (L7) enhances visibility at the application level and helps to overcome the problem of application permeability. Visibility at the application layer helps you to better monitor workloads from a resource, compliance, and security point of view.

Task 3

FQDN Filtering

VMC on AWS can restrict users to accessing only specific domains by whitelisting and/or blacklisting FQDNs. In many high-security environments, outgoing traffic is filtered using the Distributed Firewall. When you want to access an external service, you usually create IP-based firewall rules.

Task 4

Distributed IDS/IPS

VMware NSX Distributed IDS/IPS provides security operators with a software-based IDS/IPS solution that enables them to achieve regulatory compliance, create virtual zones, and detect lateral movement of threats in east-west traffic.

