Support for NSX Security Tags on the VM-Series Firewall for NSX
The VM-Series for NSX now supports tagging guest VMs with NSX security tags, made possible by the addition of the source and destination universally unique identifiers (UUIDs) of guest VMs in your NSX deployment. VMware vCenter passes the source and destination UUIDs to the VM-Series firewall through the NetX API, and the firewall records them in its threat and traffic logs. With this information in the logs, the firewall can be configured to tag infected guest VMs through the NSX Manager API.
Panorama receives predefined payload formats for NSX through content updates. These formats are available in the HTTP Server profile, which you can use to make an API call and trigger an automatic action on the NSX Manager. For example, whenever a threat log of critical severity is generated on the firewall, Panorama uses the API to communicate with the NSX Manager to tag the guest VM as infected. The NSX Manager then dynamically moves the guest VM carrying the infected tag into a quarantine security group.
- Create a dynamic address group to serve as your quarantine dynamic address group.
- Create an HTTP Server Profile to send API calls to NSX Manager. This server profile must send an HTTP PUT request to NSX Manager and use one of the predefined NSX payload formats.
- Define the match criteria for when Panorama forwards logs to the NSX Manager, and attach the HTTP Server profile to use.
- Configure an NSX server certificate that Panorama uses to forward logs to NSX Manager. The server certificate must be exported and uploaded to NSX Manager so that the two can communicate.
- Log in to vCenter and associate a security group with a security tag. The security tag you associate with your quarantine security group must match the payload format you configured in your HTTP Server profile.
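As an added illustration of the flow above (example code, not Palo Alto Networks' or VMware's own), this Python model applies the critical-severity match criterion to constructed threat-log records, pulls the source guest VM UUID from each match, and prepares the HTTP PUT that Panorama would send to NSX Manager. The NSX Manager host, tag ID and credentials are placeholders, and the securitytags endpoint path is taken from the NSX-v API as an assumption rather than from this page.

```python
"""Model of the Panorama -> NSX Manager quarantine flow: filter critical threat
logs, take the source VM UUID, prepare (do not send) the tag PUT request."""
import base64
import urllib.request

# Constructed threat-log records carrying the fields this page describes:
# the source and destination guest VM UUIDs plus the threat severity.
THREAT_LOGS = [
    {"severity": "critical", "threat": "Malware-Beacon (constructed)",
     "src_uuid": "50125f3c-1111-2222-3333-000000000001",
     "dst_uuid": "50125f3c-1111-2222-3333-000000000002"},
    {"severity": "low", "threat": "Port-Scan (constructed)",
     "src_uuid": "50125f3c-1111-2222-3333-000000000003",
     "dst_uuid": "50125f3c-1111-2222-3333-000000000004"},
]


def match_critical_threats(logs):
    """Match criteria of the log-forwarding profile: only critical threat logs fire."""
    return [log for log in logs if log["severity"] == "critical"]


def nsx_tag_url(nsx_manager, tag_id, vm_uuid):
    """Attach-tag endpoint PUT /api/2.0/services/securitytags/tag/{tagId}/vm/{vmId}
    (NSX-v API path; assumed for this example, not stated on the page)."""
    return f"https://{nsx_manager}/api/2.0/services/securitytags/tag/{tag_id}/vm/{vm_uuid}"


def build_tag_request(log, nsx_manager="nsx-manager.example.invalid",
                      tag_id="securitytag-PLACEHOLDER", user="nsx-api-user",
                      password="PLACEHOLDER"):
    """Prepare the HTTP PUT that tags the infected *source* VM (nothing is sent)."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(
        nsx_tag_url(nsx_manager, tag_id, log["src_uuid"]), method="PUT",
        headers={"Authorization": f"Basic {token}", "Content-Type": "application/xml"})


def quarantine_requests(logs, **kwargs):
    """One tag request per matching log; the low-severity record produces none."""
    return [build_tag_request(log, **kwargs) for log in match_critical_threats(logs)]


if __name__ == "__main__":
    for req in quarantine_requests(THREAT_LOGS):
        print(req.get_method(), req.full_url)
```

Once the PUT lands, the security group bound to that tag in vCenter picks the VM up and the quarantine dynamic address group on the firewall follows it.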