VMware

NSX

Access Requests
Device object selection
Add Access
Risk Analysis
Designer
Provisioning
Provisioning in automatic step
Verifier
Remove Access
Designer
Provisioning
Provisioning in automatic step
Verifier
Decommission Network Object
Impact Analysis
Clone Network ObjectPolicy
Designer
Provisioning (or) Provisioning and Committing
Verifier
Rule Recertification
Update metadata

Notes for VMware NSX:

  • Device support is provided for a single NSX Manager managing a single vCenter.

  • For Access Requests, Topology must be enabled for Designer to make suggestions.

  • Designer will suggest using an existing Security Group in rules and will not suggest creating a new Security Group object.

  • For IPs and network objects included in an Access Request, Designer will suggest that you create implicit objects.

  • NSX devices can add pre-existing Security Group objects to an Access Request.

  • Rules which allow jumps are not supported.

  • For NSX-T devices that work with declarative APIs:

    • SecureChange automatically creates a "placeholder" rule before the Cleanup rule in the default policy. This enables provisioning of rules by SecureChange.

    • For NSX-T devices that work with declarative APIs, real time monitoring (accountability) is supported only for syslogs which were received with the default messageid.

    • For Access Requests with a Security Group as a Source or Destination, Designer can provide more specific suggestions for the Applied to field based on the relevant security groups in the request, instead of using DFW.

    • In the Device Manager, the name of a device with a declarative API has (Declarative) included in the device name.