VMSafe Firewall and Monitoring Modes

When the vGW Series uses either the VMsafe Firewall and Monitoring mode or the VMsafe Monitoring mode to install a vGW Security VM on an ESX/ESXi host, it uses the VMsafe networking APIs to build the security engine as a kernel module in the hypervisor of the host. This installation allows for full protocol inspection of every guest VM (VM).

The VMsafe Firewall mode allows you to secure specific VMs or entire port groups. It has visibility into all traffic that transits each VM to be protected. VMsafe modes are not dependent on the virtual switching layer.

The VMsafe Monitoring mode is the same as the VMsafe Firewall and Monitoring installation mode except that security policies cannot be loaded into the vGW hypervisor kernel module. It is typically used when administrators want to guarantee that no packets get blocked because of an incorrectly configured security policy.

Related Documentation