The number one thing that my team loves about the distributed firewall is the ability to enforce zero trust policies in the virtual infrastructure. The policies that can be created can be quite constrictive and can be applied down to the virtual network interface. This results in a high level of security and communication between the virtual servers. My team also loves how easy it is to create segmentation rules. Practically anything can be used to build a policy (name of the virtual machine, operating system, cluster membership). The wide range of tags really helps to build customized rules for segmentation. Finally, my team loves how well it integrates with the VMware infrastructure. The segmentation policies can follow the virtual server across datacenters, hosts and clusters.
Tag-based rules management. The GUI makes troubleshooting easier with basic tools like traceroute and packet capture. Encryption and micro-segmentation are well integrated with the VMware environment.
I like the solution's distributed architecture, excellent micro-segmentation capabilities and close integration with the rest of the VMware products. NSX-DFW also allows for segmenting high-risk workloads, such as applications that must be PCI- and HIPAA-compliant. Finally, our network team really liked the ability to manage inflexible VLAN-based segmentation with security groups.
The product can be quite expensive, especially given Broadcom's new licensing model. This solution is only available in their higher tier of licensing, which many organizations may find cost prohibitive to implement. Implementing the distributed firewall also increases operational complexity. Your IT team should be properly trained before this product is implemented in production. If a firewall rule is created incorrectly, it could result in unexpected downtime. My team found that this product also generates a significant amount of logging. This is important to note, especially if you have these logs configured to be ingested by a SIEM, since the increased logging could impact the SIEM's performance and take up more space.
Network engineers are not well versed with the product and need to be skilled, whereas they are comfortable with other suites of products. Firewall rules caused a lot of issues for us. Limited support, interoperability and integration for multi-vendor environments, e.g. Google Cloud, AWS, IBM SoftLayer and Oracle Cloud, especially if custom rules have been set.
The solution has a very steep learning curve and it's tough for traditional network engineers. Also, it is not ideal for non-VMware workloads. Finally - thank you, Broadcom - the licensing costs are very high.