VMware

NSX

As part of an End of Life process, support for VMWare NSX-V is limited in TOS Aurora. For details, see Release Notes.
Access Requests
Device object selection
Add Access
Risk Analysis
Designer
Provisioning
Provisioning in automatic step
Verifier
Remove Access
Designer
Provisioning
Provisioning in automatic step
Verifier
Decommission Network Object
Impact Analysis
Clone Network ObjectPolicy
Designer
Provisioning (or) Provisioning and Committing
Verifier
Rule Recertification
Update metadata

Notes for VMware NSX:

  • Device support is provided for a single NSX Manager managing a single vCenter.

  • For Access Requests, Topology must be enabled for Designer to make suggestions.

  • Security groups can be selected in Access Requests.

    • Designer can suggest using an existing Security Group in rules.

  • Both IPv4 and IPv6 are supported for Access Requests.

  • For IP addresses and network objects included in an Access Request, Designer will suggest that you create implicit objects.

  • Rules which allow jumps are not supported.

  • For NSX-T devices that work with declarative APIs:

    • SecureChange automatically creates a "placeholder" rule before the Cleanup rule in the default policy. This enables provisioning of rules by SecureChange.

    • For NSX-T devices that work with declarative APIs, real time monitoring (accountability) is supported only for syslogs which were received with the default messageid.

    • For Access Requests with a Security Group as a Source or Destination, Designer can provide more specific suggestions for the Applied to field based on the relevant security groups in the request, instead of using DFW.

    • In the Device Manager, the name of a device with a declarative API has (Declarative) included in the device name.