This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Ben_Collins
Explorer
‎2018-06-06 10:40 AM

CloudGuard in NSX for VDI host isolation?

Hey gang,

I have a project coming up in which I'll be tasked with isolating VDI hosts from each other, to prevent employees and vendors from being able to move east/west within the VDI networks.  I can't figure out if this is something that can be done.  Anyone know, or have suggestions?  I'd like to implement something better than just ACLs.

Thanks,
Ben

Reply
2 Replies
PhoneBoy
Admin
Admin
‎2018-06-06 03:19 PM

Sure, it can be done.

Even if you use a solution like CloudGuard, it will be in concert with the native security controls in VMware.

The native controls will handle basic segmentation duties (allow/drop of specific types of traffic).

CloudGuard (with or without NSX) can be used for deeper inspection. 

0 Kudos
Reply
Demith_Samaraw2
Contributor
‎2018-06-06 06:46 PM

As Dameon said within NSX Distributed Firewall handles the micro-segmentation and traffic between any VDI can be inspected by either NSX DF or a Check Point CloudGuard, it is done based on security tags and you can assign tags per VDIs, NSX DF is a basic L3-4 firewall where as CloudGurad can be used for deeper inspection and other L4-7 features

Reply