
CloudGuard in NSX for VDI host isolation?

Hey gang,

I have a project coming up in which I'll be tasked with isolating VDI hosts from each other, to prevent employees and vendors from being able to move east/west within the VDI networks.  I can't figure out if this is something that can be done.  Anyone know, or have suggestions?  I'd like to implement something better than just ACLs.


2 Replies

Sure, it can be done.

Even if you use a solution like CloudGuard, it will be in concert with the native security controls in VMware.

The native controls will handle basic segmentation duties (allow/drop of specific types of traffic).

CloudGuard (with or without NSX) can be used for deeper inspection. 

0 Kudos

As Dameon said, within NSX, Distributed Firewall handles the micro-segmentation, and traffic between any VDI can be inspected by either NSX DF or a Check Point CloudGuard. It is done based on security tags, and you can assign tags per VDI. NSX DF is a basic L3-4 firewall, whereas CloudGuard can be used for deeper inspection and other L4-7 features.