On This Page
VMware
VMware NSX and VMC on AWS
- Dashboard Widgets
-
General (General overview of the system)
-
Cleanup (Summary of the number of rules that are disabled or fully shadowed)
-
USP Compliance (The number of rules with violations, according to their severity level)
-
Audit (The number of rules with expired access or will have access expire within the next month)
-
Recent Changes (Rules and devices with changes in the past 30 days)
- Browsers
-
Rule Viewer (see Rule Viewer)
-
Object Lookup (See Object Lookup)
-
USP Viewer (see USP Viewer)
-
USP Alert Manager Viewer (see USP Alerts Manager)
-
USP Exceptions Viewer (see USP Exceptions)
-
Changes (see Change Browser)
-
Cleanup (see Cleanup Browser)
-
Device Viewer (see Device Viewer)
- Change Management
-
Change Management (Policy and Side-by-Side policy change comparison in the Compare tab, Comparison report, and New Revision report)
-
Display IPv6 objects
-
Graphical Policy (Policies are displayed in SecureTrack as they are shown in the vendor's management software)
-
Real-time Monitoring (Regularly automatically fetches policy information from the device)
-
Accountability - Installed Revisions
-
Create SecureChange ticket from Rule Viewer for:
-
Rule Decommission (Removes selected rules from supported devices)
-
Rule Recertification(Used to document and verify the need for a rule)
-
- Topology
-
Static Topology
-
BGP Dynamic Routes
Notes for VMware NSX and VMC on AWS:
-
Real-time monitoring uses device polling.
-
These features are not supported: unused objects cleanup, offline analysis.
-
Topology support only includes North-South connectivity and, in topology diagrams, traffic inside a logical switch will be seen as passing logical router.
-
For Auditing and Reporting, these features are supported: Regulations browser, Rule Viewer, New Revision report.
-
Dynamic Topology (BGP dynamic routing) is supported for NSX-T
-
New NSX-T devices are automatically configured with Declarative (Policy) APIs. Devices that were previously added using Imperative APIs will continue to work. In the Device Manager, the name of a device indicates whether the device is configured with a Declarative or Impertitive API.
To convert a device that was previously added using Imperative APIs to Declarative APIs you need to add the device as a new device, and remove or disable the old instance of the device.
-
In NSX-T Devices, support for dynamic Security Groups based on tags set in the device.