Introduction

Typically, firewall rules are based on security groups that contain IP addresses, a subnet, or virtual machines. These security groups can be used as a source or destination in an NSX environment, but this doesn’t cover all use cases. Let’s take an example where an NSX admin has to allow/block access to specific applications to a given set of users, independent of the source address of the end-user. How do I implement rules, as the source address can vary for each user (local machine, VDI, terminal server). That’s where NSX Identity Based Firewall (IDFW) helps you. 

NSX IDFW allows you to create distributed firewall rules based on Active Directory users and groups. You can allow or deny access to applications based on user identity. IDFW requires integration with Active Directory so that the NSX can consume AD users and groups.

 

Use Cases for Identity Firewall

Identity Firewall can be used for Virtual Desktops or a Remote Desktop Session Host.… Read More