VMware

VMware NSX and VMC on AWS

As part of an End of Life process, support for VMware NSX-V is limited in TOS Aurora. For details, see Release Notes.

Dashboard Widgets

General (General overview of the system)

Cleanup (Summary of the number of rules that are disabled, fully shadowed, or have not been hit in the past year)

USP Compliance (The number of rules with violations, according to their severity level)

Audit (The number of rules with expired access or with access that will expire within the next month)

Recent Changes (Rules and devices with changes in the past 30 days)

Browsers

Rule Viewer (see Rule Viewer)

Object Lookup (see Object Lookup)

USP Viewer (see USP Viewer)

USP Alert Manager Viewer (see USP Alerts Manager)

USP Exceptions Viewer (see USP Exceptions)

Changes (see Change Browser)

Cleanup (see Cleanup Browser)

Device Viewer (see Device Viewer)

Change Management

Change Management (Policy and Side-by-Side policy change comparison in the Compare tab, Comparison report, and New Revision report)

Display IPv6 objects

Graphical Policy (Policies are displayed in SecureTrack as they are shown in the vendor's management software)

Real-time Monitoring (Automatically fetches policy information from the device at regular intervals)

Accountability - Installed Revisions (Supported for VMware NSX only)

Create SecureChange ticket from Rule Viewer for:

  • Rule Decommission (Removes selected rules from supported devices)

  • Rule Recertification (Used to document and verify the need for a rule)

Topology

Static Topology

BGP Dynamic Routes

IPv6 routes

Path analysis with IPv6 addresses in source and destination

Notes for VMware NSX and VMC on AWS:

  • Real-time monitoring uses device polling.

  • These features are not supported: unused objects cleanup, offline analysis.

  • Topology support includes only North-South connectivity. In topology diagrams, traffic inside a logical switch is shown as passing through a logical router.

  • For Auditing and Reporting, these features are supported: Regulations browser, Rule Viewer, New Revision report.

  • Dynamic Topology (BGP dynamic routing) is supported for NSX-T.

  • New NSX-T devices are automatically configured with Declarative (Policy) APIs. Devices that were previously added using Imperative APIs will continue to work. In the Device Manager, the name of a device indicates whether the device is configured with a Declarative or Imperative API.

    To convert a device that was previously added using Imperative APIs to Declarative APIs, add the device as a new device, and remove or disable the old instance of the device.

  • For NSX-T devices, dynamic Security Groups based on tags set in the device are supported.

  • TOS Aurora supports IPv6 for NSX devices in the Interactive Map.

    • Path Analysis calculations support IPv6 traffic and matching rules.

  • BGP routes for VMC on AWS are not supported.

  • NSX-T VRF-lite devices are supported in TOS Aurora:

    • You can import VRF-lite devices when importing logical routers for NSX devices.

    • Interactive Map presents VRF-lite devices.

    • Path Analysis calculations include VRF-lite traffic.