
Configuring VMware NSX with Policy Enforcer


The following steps explain how to configure VMware NSX with Policy Enforcer:

  1. Add the NSX Manager to the Security Director database, as shown in Figure 59. For more information about adding an NSX Manager, see Adding the NSX Manager.

    Figure 59: Adding NSX Manager Page

  2. After discovering the NSX Manager in Security Director, use the Guided Setup workflow to configure the following parameters:
    • Secure Fabric
    • Policy Enforcement Group (PEG)
    • Sky ATP Realm
    • Threat policies for the following threat types:
      • Command and Control (C&C) Server
      • Infected Hosts
      • Malware
  3. Select Configuration > Guided Setup > Threat Prevention.

    The Threat Prevention Policy Setup page appears.

  4. Click Start Setup.

    The Threat Prevention Policy Setup page appears, as shown in Figure 60. Some of the resources are already configured when the NSX Manager is discovered.

    Figure 60: Guided Setup Page

  5. In the Secure Fabric page, the site is already created. For that site, one enforcement point is also added.

    To create a secure fabric site in Policy Enforcer for an NSX-based environment, you require two parts: the NSX Manager and an edge firewall. In the Add Enforcement Points page, add the vSRX, as shown in the topology, as an edge firewall. Select the vSRX device listed under the Available column and move it to the Selected column. You now have two enforcement points within the Secure Fabric.

    Click Next.

  6. In the Policy Enforcement Groups page, the policy enforcement group is already created based on the Location Group Type. The location points to the Secure Fabric site created for NSX.

    Click Next.

  7. In the Sky ATP Realm page, associate the Secure Fabric with a Sky ATP realm.

    If the Sky ATP realm is already created, click Assign Sites in the Sites Assigned column and choose the Secure Fabric site. The Sky ATP realm and Secure Fabric are now associated.

    Click Next.

  8. In the Policies page, create a threat prevention policy by choosing the profile types depending on the type of threat prevention this policy provides (C&C Server, Infected Host, Malware) and an action for the profile. The DDoS profile is not supported by the NSX Connector. Once configured, you apply policies to PEGs.

    Click Assign groups in the Policy Enforcement Group column to associate the policy enforcement group with the policy.

    Security Director takes a snapshot of the firewall by performing rule analysis, and threat remediation rules are pushed to the edge firewall.

    Click Finish.

    Note: The GeoIP feeds are not used with the NSX Connectors.

  9. The last page is a summary of the items you have configured using quick setup. Click OK to go to the Policies page under Configure > Threat Prevention > Policies, where your policy is listed.