On This Page
VMware
NSX
Access Requests |
Device object selection |
Add Access |
Risk Analysis |
Remove Access |
Designer |
Server Decommission |
Impact Analysis |
Clone Server Policy |
Designer |
Rule Recertification |
Update metadata |
Notes for VMware NSX:
-
Device support is provided for a single NSX Manager managing a single vCenter.
-
For Access Requests, Topology must be enabled for Designer to make suggestions.
-
Designer will suggest using an existing Security Group in rules and will not suggest creating a new Security Group object.
-
For IPs and network objects included in an Access Request, Designer will suggest that you create implicit objects.
-
NSX devices can add pre-existing Security Group objects to an Access Request.
-
Rules which allow jumps are not supported.
-
For NSX-T devices that work with declarative APIs:
-
SecureChange automatically creates a "placeholder" rule before the Cleanup rule in the default policy. This enables provisioning of rules by SecureChange.
-
For NSX-T devices that work with declarative APIs, real time monitoring (accountability) is supported only for syslogs which were received with the default
messageid
. -
For Access Requests with a Security Group as a Source or Destination, Designer can provide more specific suggestions for the Applied to field based on the relevant security groups in the request, instead of using DFW.
-
In the Device Manager, the name of a device with a declarative API has (Declarative) included in the device name.
-