{"id":872,"date":"2021-11-18T19:33:47","date_gmt":"2021-11-18T18:33:47","guid":{"rendered":"https:\/\/vminded.com\/?p=872"},"modified":"2021-12-02T17:59:13","modified_gmt":"2021-12-02T16:59:13","slug":"nsx-advanced-firewall-add-on-for-vmware-cloud-on-aws-part-3","status":"publish","type":"post","link":"https:\/\/vminded.com\/index.php\/2021\/11\/18\/nsx-advanced-firewall-add-on-for-vmware-cloud-on-aws-part-3\/","title":{"rendered":"NSX Advanced Firewall Add On for VMware Cloud on AWS (Part 3)"},"content":{"rendered":"\n

In my previous post<\/a>, I talked about the FQDN filtering feature which is one of the new Add-Ons of the Advanced firewall.<\/p>\n\n\n\n

In this Part 3 of this multi part blog series, let’s focus on the latest feature, the Distributed IDS\/IPS<\/a> which is part of the newly announced NSX Advanced Firewall <\/a>for VMware Cloud on AWS.<\/p>\n\n\n\n

Introduction to Distributed IPS\/IDS<\/h2>\n\n\n\n

With NSX Distributed IDS\/ IPS, customers gain protection against attempts to exploit vulnerabilities in workloads running on VMware Cloud on AWS. <\/p>\n\n\n\n

Distributed IDS\/ IPS is an application-aware deep packet inspection engine that can examine and protect traffic inside the SDDC. Customers can detect and prevent lateral threat movement within the SDDC using the intrinsic security capabilities of Distributed IDS\/IPS. <\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Like DFW, Distributed IDS\/IPS is built into the hypervisor and inspection can be performed for all traffic coming into or leaving the VM. Since the inspection is performed on all the hypervisor hosts in a distributed manner, there is no single inspection bottleneck that chokes the traffic flow.<\/p>\n\n\n\n

Enabling Distributed IDS\/IPS<\/h2>\n\n\n\n

First thing we will do is to activate and configure the Distributed IDS\/IPS feature in VMC on AWS SDDC.<\/p>\n\n\n\n

If you don’t have already activated the NSX Advanced Firewall add-on, please do so otherwise you will get this message:<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Remember in my first Post<\/a> of this series, I already have shown you how to activate the NSX Advanced Firewall Add On for VMware Cloud on AWS.<\/p>\n\n\n\n

Once you have activated the add-on feature, in the browser, Click the Networking and Security<\/strong> tab. Click Distributed IDS\/IPS<\/strong>, located in the Security Section<\/strong>.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

<\/p>\n\n\n\n

The IDS\/IPS is disabled by default so you have to enable it for the cluster. Here I have only one cluster.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Just move the slider to enable the feature and confirm that you want to enable the cluster and you are ready to test it!<\/p>\n\n\n\n

Once it’s enabled you can choose to regularly update the Signatures<\/strong> by selecting the Auto Update new versions <\/strong>button.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

NSX Distributed IDS\/IPS utilizes the latest threat signature sets and anomaly detection algorithms to identify attempts at exploiting vulnerabilities in applications. It is integrated with the NSX Threat Intelligence Cloud Service<\/strong> to always remain up to date on the latest threats identified on the Internet.<\/p>\n\n\n\n

You can check the other versions that have been presents in the environment by clicking the View and change versions<\/strong> link.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

<\/p>\n\n\n\n

This is launching a new window with historical details. Here we can see that the first Default Signature was installed Jun 17th, 2021 and additional signatures has been pushed Oct 20th<\/sup> and Nov 12nd<\/sup>.<\/p>\n\n\n\n

\"\"
By clicking on the New signatures<\/strong>, I can dive deep into the details of each of them and access really good information on what signatures have been disabled, updated, …<\/figcaption><\/figure>\n\n\n\n

We are gonna go ahead and be using the latest versions.<\/p>\n\n\n\n

If you don’t have access to Internet from your NSX Manager, you also download the IDS\/IPS signatures from the Network Threat Intelligence services page and be able to upload them manually.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

<\/p>\n\n\n\n

Now it’s time to finish configuring the feature and launch some real test attacks by leveraging both Kali Linux<\/a> and the infection Monkey<\/a> tooling to simulate some attacks!<\/p>\n\n\n\n

Configuring Distributed IDS\/IPS profile & rule<\/h2>\n\n\n\n

Create a Profile for IDS\/IPS<\/h3>\n\n\n\n

In this section, I will create a default profile to use with an IDS\/IPS rule. <\/p>\n\n\n\n

NB: We can configure up to 25 profiles.<\/strong><\/p>\n\n\n\n

Under the Profiles <\/strong>tab under Distributed IDS\/IPS within the Security<\/strong> section, I have clicked ADD PROFILE <\/strong>and create the ChrisIDSProfile<\/em> profile:<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

I have accepted the default settings but you can customise the profile to meet your requirements.<\/em> You can for instance only select the Intrusion attack with a level of severity to <\/em>Critical<\/em> <\/strong>or High and Critical<\/strong> only<\/em>.<\/p>\n\n\n\n

One thing you can do is to tweak it by selecting specific CVSS or Attack types.<\/p>\n\n\n\n

I clicked save<\/strong> to finish creating the Profile. <\/p>\n\n\n\n

We can see that the profile has been successfully created.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

After a few seconds it appears in green:<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Create a Policy with rules for IDS\/IPS<\/h3>\n\n\n\n

Now let’s create a Policy.<\/p>\n\n\n\n

For that, I need to go to the Rules<\/strong> tab and add a specific IDS\/IPS Policy<\/strong> called ChrisIDS-Policy<\/em>.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

I have selected the check box <\/strong>next to the name of the policy, then click Add Rule<\/strong>.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

To finish the configuration I have to select the profile previously created. <\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

I have also changed the source from Any to my SDDC subnets<\/strong>.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Please note that I leave the Sources<\/strong> and Services<\/strong> columns to Any<\/em> and the Applied to<\/strong> field set to DFW<\/em>. <\/p>\n\n\n\n

I have also left the Mode to Detect Only<\/strong>. In Production it’s better to change this setting and switch to Detect & Prevent. <\/p>\n\n\n\n

Now that I am done with the setup, I just need to click\u00a0Publish<\/strong>.<\/p>\n\n\n\n

Now it’s time to go for some tests of attacks and exploits.<\/p>\n\n\n\n

Testing the IDS\/IPS<\/h2>\n\n\n\n

In order to test the IDS\/IPS feature, I have used my best security scanning tools<\/strong> to generate some attacks and try to exploit some vulnerabilities in one special server.<\/p>\n\n\n\n

Basically I will launch the exploits on a OWASP Web Application server<\/a> which is a test server with vulnerabilities that I have deployed in my SDDC. In a nutshell OWASP<\/a> stands for The Open Web Application Security Project\u00ae<\/sup>\u00a0and it is a nonprofit foundation that works to improve the security of software. It’s a very good way to test the level of security of your environment.<\/p>\n\n\n\n

This OWASP server is going to be the target<\/strong> for all the vulnerability scanning coming from my two different tools.<\/p>\n\n\n\n

Scanning tools<\/h3>\n\n\n\n

First one is the Kali Linux<\/a> distribution in a Virtual Machine which have a multitude of security tools preinstalled in it. I love it!<\/p>\n\n\n\n

The second one is the Infection Monkey virtual appliance<\/a> from Guardicore<\/a> which is a platform with a graphical interface that you can leverage to launch the exploits. <\/p>\n\n\n\n

Infection Monkey is an open source breach and attack simulation (BAS) platform <\/strong>that allows organisations to discover security gaps and fix them. You can Simply infect a random machine with the Infection Monkey and automatically discover your security risks. Test for different scenarios – credential theft, compromised machines and other security flaws.<\/p>\n\n\n\n

Deploying Kali Linux<\/h3>\n\n\n\n

It’s a simple process as you can install it from a ISO CD or download a virtual image directly from here<\/a>.<\/a><\/p>\n\n\n\n

I have choose to install it with the ISO CD as it gives more flexibility to tweak your VM settings.<\/p>\n\n\n\n

Once the VM is deployed there is nothing more to do.<\/p>\n\n\n\n

Deploying Monkey Island VM<\/h3>\n\n\n\n

First I have deployed the Monkey Island VM from the OVA downloaded from the Infection Monkey website. This is an Ubuntu Linux VM with a small footprint of only 2 vCPU and 2GB of RAM.<\/p>\n\n\n\n

Once it’s been installed, I have just started the VM.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

<\/p>\n\n\n\n

My VM is up and running very quickly and I can connect to it from the web console on port 5000:<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Once I am logged in with the default username: monkeyuser<\/em><\/strong> and password, I can setup the system.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

I start by clicking on Configure Monkey<\/strong>.<\/p>\n\n\n\n

<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

I need to click the Network <\/strong>tab, and Change the Target list IP address with the IP address of the OWASP VM running in the App segment (172.11.11.115).<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Then I clicked on the Run Monkey on the left and Select From Island<\/strong>.<\/p>\n\n\n\n

At that moment the tool launches the exploits automatically.<\/p>\n\n\n\n

Launching the attacks and exploits<\/h2>\n\n\n\n

With Kali Linux tools<\/h3>\n\n\n\n

In my environment, the Kali Linux<\/a> server address is 172.11.11.107<\/strong>.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

<\/p>\n\n\n\n

And the OWASP Broken Web Application has the following address: 172.11.11.115<\/strong>.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

In this first stage, I started to use Kali Linux with nmap<\/em> to scan the OWASP Web server. <\/p>\n\n\n\n

\"\"
As you can see, there are 9 opened ports on the machine. The nmap<\/em> command is able to output the name and version of the services that use the ports<\/figcaption><\/figure>\n\n\n\n

Is this next step, I have leveraged the nikto<\/em> command to scan for vulnerabilities on the server.<\/p>\n\n\n\n

\"\"
Multiple vulnerabilities have been displayed. Mainly affecting the Apache server and also the version of Python which is outdated<\/figcaption><\/figure>\n\n\n\n

The result of the exploit is visible now on the CSP Console as you can see on the screen below. At the top, you can see there is representation of the attempt to compromise the server and they are spread over a time range with a slider that can be changed as needed.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

The attacks have triggered a lot of Emerging Threats<\/strong> (ET Scan) alerts with Medium<\/strong>, High<\/strong> and Critical<\/strong> severity levels.<\/p>\n\n\n\n

\"\"
Medium alerts inform that the http protocol on the Web-Server is exploitable with vulnerabilities. The response here is just “Detect”. You can see the CVE number and CVSS Classification of the vulnerabilities on the right.<\/figcaption><\/figure>\n\n\n\n

When I click on the VMs Affected<\/strong>, a list of the VM that have been affected by the vulnerabilities displays:<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

In addition, clicking the purple bar allow for displaying a detail window:<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

With Monkey Island tools<\/h3>\n\n\n\n

As I said before the scanner starts automatically after finishing the setup. Once it has finished its scanning operations, Monkey Island shows a map with all the results accessible through a web page.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

It also displays a map of the devices that have been scanned by the tool.<\/p>\n\n\n\n

On the right of the page, there is a tab called ATT&CK report<\/strong> that helps understand the exploits that have successfully been used or tried.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

On the VMC on AWS Console, the results are displayed the same way as before with the Kali Linux tool:<\/p>\n\n\n\n

\"\"
The Alert displayed here is an apache Struts remote code execution attempt.<\/figcaption><\/figure>\n\n\n\n

Conclusion<\/h1>\n\n\n\n

This new Advanced Firewall Add-on IDS\/IPS feature is really interesting as today it’s the only way to prevent attacker from exploiting vulnerabilities from inside the SDDC.<\/p>\n\n\n\n

That’s conclude the post, I hope this has given you a better understanding on how this feature is powerful.<\/p>\n","protected":false},"excerpt":{"rendered":"

In my previous post, I talked about the FQDN filtering feature which is one of the new Add-Ons of the Advanced firewall. In this Part 3 of this multi part blog series, let’s focus on the latest feature, the Distributed IDS\/IPS which is part of the newly announced NSX Advanced Firewall for VMware Cloud on … Continue reading “NSX Advanced Firewall Add On for VMware Cloud on AWS (Part 3)”<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[3],"tags":[],"class_list":["post-872","post","type-post","status-publish","format-standard","hentry","category-vmconaws"],"yoast_head":"\nNSX Advanced Firewall Add On for VMware Cloud on AWS (Part 3) - vminded.com<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/vminded.com\/index.php\/2021\/11\/18\/nsx-advanced-firewall-add-on-for-vmware-cloud-on-aws-part-3\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"NSX Advanced Firewall Add On for VMware Cloud on AWS (Part 3) - vminded.com\" \/>\n<meta property=\"og:description\" content=\"In my previous post, I talked about the FQDN filtering feature which is one of the new Add-Ons of the Advanced firewall. In this Part 3 of this multi part blog series, let’s focus on the latest feature, the Distributed IDS\/IPS which is part of the newly announced NSX Advanced Firewall for VMware Cloud on … Continue reading "NSX Advanced Firewall Add On for VMware Cloud on AWS (Part 3)"\" \/>\n<meta property=\"og:url\" content=\"https:\/\/vminded.com\/index.php\/2021\/11\/18\/nsx-advanced-firewall-add-on-for-vmware-cloud-on-aws-part-3\/\" \/>\n<meta property=\"og:site_name\" content=\"vminded.com\" \/>\n<meta property=\"article:published_time\" content=\"2021-11-18T18:33:47+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-12-02T16:59:13+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/vminded.com\/wp-content\/uploads\/2021\/11\/PictureNSX.png\" \/>\n<meta name=\"author\" content=\"Christophe\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Christophe\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"14 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/vminded.com\/index.php\/2021\/11\/18\/nsx-advanced-firewall-add-on-for-vmware-cloud-on-aws-part-3\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/vminded.com\/index.php\/2021\/11\/18\/nsx-advanced-firewall-add-on-for-vmware-cloud-on-aws-part-3\/\"},\"author\":{\"name\":\"Christophe\",\"@id\":\"https:\/\/vminded.com\/#\/schema\/person\/1800a04c708828d9b5c7b64f8eab3b3a\"},\"headline\":\"NSX Advanced Firewall Add On for VMware Cloud on AWS (Part 3)\",\"datePublished\":\"2021-11-18T18:33:47+00:00\",\"dateModified\":\"2021-12-02T16:59:13+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/vminded.com\/index.php\/2021\/11\/18\/nsx-advanced-firewall-add-on-for-vmware-cloud-on-aws-part-3\/\"},\"wordCount\":1663,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/vminded.com\/#\/schema\/person\/1800a04c708828d9b5c7b64f8eab3b3a\"},\"image\":{\"@id\":\"https:\/\/vminded.com\/index.php\/2021\/11\/18\/nsx-advanced-firewall-add-on-for-vmware-cloud-on-aws-part-3\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/vminded.com\/wp-content\/uploads\/2021\/11\/PictureNSX.png\",\"articleSection\":[\"VMConAWS\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/vminded.com\/index.php\/2021\/11\/18\/nsx-advanced-firewall-add-on-for-vmware-cloud-on-aws-part-3\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/vminded.com\/index.php\/2021\/11\/18\/nsx-advanced-firewall-add-on-for-vmware-cloud-on-aws-part-3\/\",\"url\":\"https:\/\/vminded.com\/index.php\/2021\/11\/18\/nsx-advanced-firewall-add-on-for-vmware-cloud-on-aws-part-3\/\",\"name\":\"NSX Advanced Firewall Add On for VMware Cloud on AWS (Part 3) - vminded.com\",\"isPartOf\":{\"@id\":\"https:\/\/vminded.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/vminded.com\/index.php\/2021\/11\/18\/nsx-advanced-firewall-add-on-for-vmware-cloud-on-aws-part-3\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/vminded.com\/index.php\/2021\/11\/18\/nsx-advanced-firewall-add-on-for-vmware-cloud-on-aws-part-3\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/vminded.com\/wp-content\/uploads\/2021\/11\/PictureNSX.png\",\"datePublished\":\"2021-11-18T18:33:47+00:00\",\"dateModified\":\"2021-12-02T16:59:13+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/vminded.com\/index.php\/2021\/11\/18\/nsx-advanced-firewall-add-on-for-vmware-cloud-on-aws-part-3\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/vminded.com\/index.php\/2021\/11\/18\/nsx-advanced-firewall-add-on-for-vmware-cloud-on-aws-part-3\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/vminded.com\/index.php\/2021\/11\/18\/nsx-advanced-firewall-add-on-for-vmware-cloud-on-aws-part-3\/#primaryimage\",\"url\":\"https:\/\/vminded.com\/wp-content\/uploads\/2021\/11\/PictureNSX.png\",\"contentUrl\":\"https:\/\/vminded.com\/wp-content\/uploads\/2021\/11\/PictureNSX.png\",\"width\":979,\"height\":591},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/vminded.com\/index.php\/2021\/11\/18\/nsx-advanced-firewall-add-on-for-vmware-cloud-on-aws-part-3\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/vminded.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"NSX Advanced Firewall Add On for VMware Cloud on AWS (Part 3)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/vminded.com\/#website\",\"url\":\"https:\/\/vminded.com\/\",\"name\":\"vminded.com\",\"description\":\"feed your mind with virtual thoughts\",\"publisher\":{\"@id\":\"https:\/\/vminded.com\/#\/schema\/person\/1800a04c708828d9b5c7b64f8eab3b3a\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/vminded.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\/\/vminded.com\/#\/schema\/person\/1800a04c708828d9b5c7b64f8eab3b3a\",\"name\":\"Christophe\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/vminded.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/8a35247a893da5c4bd4e7b117047b93859d3def341ac950cf2285f9d9b9220bf?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/8a35247a893da5c4bd4e7b117047b93859d3def341ac950cf2285f9d9b9220bf?s=96&d=mm&r=g\",\"caption\":\"Christophe\"},\"logo\":{\"@id\":\"https:\/\/vminded.com\/#\/schema\/person\/image\/\"},\"sameAs\":[\"http:\/\/vminded.com\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"NSX Advanced Firewall Add On for VMware Cloud on AWS (Part 3) - vminded.com","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/vminded.com\/index.php\/2021\/11\/18\/nsx-advanced-firewall-add-on-for-vmware-cloud-on-aws-part-3\/","og_locale":"en_US","og_type":"article","og_title":"NSX Advanced Firewall Add On for VMware Cloud on AWS (Part 3) - vminded.com","og_description":"In my previous post, I talked about the FQDN filtering feature which is one of the new Add-Ons of the Advanced firewall. In this Part 3 of this multi part blog series, let’s focus on the latest feature, the Distributed IDS\/IPS which is part of the newly announced NSX Advanced Firewall for VMware Cloud on … Continue reading \"NSX Advanced Firewall Add On for VMware Cloud on AWS (Part 3)\"","og_url":"https:\/\/vminded.com\/index.php\/2021\/11\/18\/nsx-advanced-firewall-add-on-for-vmware-cloud-on-aws-part-3\/","og_site_name":"vminded.com","article_published_time":"2021-11-18T18:33:47+00:00","article_modified_time":"2021-12-02T16:59:13+00:00","og_image":[{"url":"https:\/\/vminded.com\/wp-content\/uploads\/2021\/11\/PictureNSX.png","type":"","width":"","height":""}],"author":"Christophe","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Christophe","Est. reading time":"14 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/vminded.com\/index.php\/2021\/11\/18\/nsx-advanced-firewall-add-on-for-vmware-cloud-on-aws-part-3\/#article","isPartOf":{"@id":"https:\/\/vminded.com\/index.php\/2021\/11\/18\/nsx-advanced-firewall-add-on-for-vmware-cloud-on-aws-part-3\/"},"author":{"name":"Christophe","@id":"https:\/\/vminded.com\/#\/schema\/person\/1800a04c708828d9b5c7b64f8eab3b3a"},"headline":"NSX Advanced Firewall Add On for VMware Cloud on AWS (Part 3)","datePublished":"2021-11-18T18:33:47+00:00","dateModified":"2021-12-02T16:59:13+00:00","mainEntityOfPage":{"@id":"https:\/\/vminded.com\/index.php\/2021\/11\/18\/nsx-advanced-firewall-add-on-for-vmware-cloud-on-aws-part-3\/"},"wordCount":1663,"commentCount":0,"publisher":{"@id":"https:\/\/vminded.com\/#\/schema\/person\/1800a04c708828d9b5c7b64f8eab3b3a"},"image":{"@id":"https:\/\/vminded.com\/index.php\/2021\/11\/18\/nsx-advanced-firewall-add-on-for-vmware-cloud-on-aws-part-3\/#primaryimage"},"thumbnailUrl":"https:\/\/vminded.com\/wp-content\/uploads\/2021\/11\/PictureNSX.png","articleSection":["VMConAWS"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/vminded.com\/index.php\/2021\/11\/18\/nsx-advanced-firewall-add-on-for-vmware-cloud-on-aws-part-3\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/vminded.com\/index.php\/2021\/11\/18\/nsx-advanced-firewall-add-on-for-vmware-cloud-on-aws-part-3\/","url":"https:\/\/vminded.com\/index.php\/2021\/11\/18\/nsx-advanced-firewall-add-on-for-vmware-cloud-on-aws-part-3\/","name":"NSX Advanced Firewall Add On for VMware Cloud on AWS (Part 3) - vminded.com","isPartOf":{"@id":"https:\/\/vminded.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/vminded.com\/index.php\/2021\/11\/18\/nsx-advanced-firewall-add-on-for-vmware-cloud-on-aws-part-3\/#primaryimage"},"image":{"@id":"https:\/\/vminded.com\/index.php\/2021\/11\/18\/nsx-advanced-firewall-add-on-for-vmware-cloud-on-aws-part-3\/#primaryimage"},"thumbnailUrl":"https:\/\/vminded.com\/wp-content\/uploads\/2021\/11\/PictureNSX.png","datePublished":"2021-11-18T18:33:47+00:00","dateModified":"2021-12-02T16:59:13+00:00","breadcrumb":{"@id":"https:\/\/vminded.com\/index.php\/2021\/11\/18\/nsx-advanced-firewall-add-on-for-vmware-cloud-on-aws-part-3\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/vminded.com\/index.php\/2021\/11\/18\/nsx-advanced-firewall-add-on-for-vmware-cloud-on-aws-part-3\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/vminded.com\/index.php\/2021\/11\/18\/nsx-advanced-firewall-add-on-for-vmware-cloud-on-aws-part-3\/#primaryimage","url":"https:\/\/vminded.com\/wp-content\/uploads\/2021\/11\/PictureNSX.png","contentUrl":"https:\/\/vminded.com\/wp-content\/uploads\/2021\/11\/PictureNSX.png","width":979,"height":591},{"@type":"BreadcrumbList","@id":"https:\/\/vminded.com\/index.php\/2021\/11\/18\/nsx-advanced-firewall-add-on-for-vmware-cloud-on-aws-part-3\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/vminded.com\/"},{"@type":"ListItem","position":2,"name":"NSX Advanced Firewall Add On for VMware Cloud on AWS (Part 3)"}]},{"@type":"WebSite","@id":"https:\/\/vminded.com\/#website","url":"https:\/\/vminded.com\/","name":"vminded.com","description":"feed your mind with virtual thoughts","publisher":{"@id":"https:\/\/vminded.com\/#\/schema\/person\/1800a04c708828d9b5c7b64f8eab3b3a"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/vminded.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/vminded.com\/#\/schema\/person\/1800a04c708828d9b5c7b64f8eab3b3a","name":"Christophe","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/vminded.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/8a35247a893da5c4bd4e7b117047b93859d3def341ac950cf2285f9d9b9220bf?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/8a35247a893da5c4bd4e7b117047b93859d3def341ac950cf2285f9d9b9220bf?s=96&d=mm&r=g","caption":"Christophe"},"logo":{"@id":"https:\/\/vminded.com\/#\/schema\/person\/image\/"},"sameAs":["http:\/\/vminded.com"]}]}},"_links":{"self":[{"href":"https:\/\/vminded.com\/index.php\/wp-json\/wp\/v2\/posts\/872","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/vminded.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/vminded.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/vminded.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/vminded.com\/index.php\/wp-json\/wp\/v2\/comments?post=872"}],"version-history":[{"count":47,"href":"https:\/\/vminded.com\/index.php\/wp-json\/wp\/v2\/posts\/872\/revisions"}],"predecessor-version":[{"id":1031,"href":"https:\/\/vminded.com\/index.php\/wp-json\/wp\/v2\/posts\/872\/revisions\/1031"}],"wp:attachment":[{"href":"https:\/\/vminded.com\/index.php\/wp-json\/wp\/v2\/media?parent=872"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/vminded.com\/index.php\/wp-json\/wp\/v2\/categories?post=872"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/vminded.com\/index.php\/wp-json\/wp\/v2\/tags?post=872"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}