On This Page
VMware
NSX
- Access Requests
- Device object selection
- Add Access
- Risk Analysis
- Designer
- Provisioning
- Provisioning in automatic step
- Verifier
- Remove Access
- Designer
- Provisioning
- Provisioning in automatic step
- Verifier
- Decommission Network Object
- Impact Analysis
- Clone Network ObjectPolicy
- Designer
- Provisioning (or) Provisioning and Committing
- Verifier
- Rule Recertification
- Update metadata
Notes for VMware NSX:
-
Device support is provided for a single NSX Manager managing a single vCenter.
-
For Access Requests, Topology must be enabled for Designer to make suggestions.
-
Designer will suggest using an existing Security Group in rules and will not suggest creating a new Security Group object.
-
For IPs and network objects included in an Access Request, Designer will suggest that you create implicit objects.
-
NSX devices can add pre-existing Security Group objects to an Access Request.
-
Rules which allow jumps are not supported.
-
For NSX-T devices that work with declarative APIs:
-
SecureChange automatically creates a "placeholder" rule before the Cleanup rule in the default policy. This enables provisioning of rules by SecureChange.
-
For NSX-T devices that work with declarative APIs, real time monitoring (accountability) is supported only for syslogs which were received with the default
messageid
. -
For Access Requests with a Security Group as a Source or Destination, Designer can provide more specific suggestions for the Applied to field based on the relevant security groups in the request, instead of using DFW.
-
In the Device Manager, the name of a device with a declarative API has (Declarative) included in the device name.
-