Creating NSX Security Policy

Adding NSX Security Policy for Deep Security Virtual Appliance (DSVA)

- Updated:
- 8 Sep 2015
- Product/Version:
- Deep Security 9.5
- Deep Security 9.6
- Platform:
- Amazon AMI 32-bit
- Amazon AMI 64-bit
- CentOS 5.4 32-bit
- CentOS 5.4 64-bit
- CentOS 5.5 32-bit
- CentOS 5.5 64-bit
- CentOS 5.6 32-bit
- CentOS 5.6 64-bit
- CentOS 5.7 32-bit
- CentOS 5.7 64-bit
- CentOS 5.8 32-bit
- CentOS 5.8 64-bit
- CentOS 6 32-bit
- CentOS 6 64-bit
- CentOS 6.1 32-bit
- CentOS 6.1 64-bit
- CentOS 6.2 32-bit
- CentOS 6.2 64-bit
- HPUX 11.x
- IBM AIX 6.1
- Linux - Red Hat RHEL 5 32-bit
- Linux - Red Hat RHEL 5 64-bit
- Linux - Red Hat RHEL 6 32-bit
- Linux - Red Hat RHEL 6 64-bit
- Linux - SuSE 10
- Linux - SuSE 10 64-bit
- Linux - SuSE 11
- Linux - SuSE 11 64-bit
- Oracle Linux 5 32-bit
- Oracle Linux 5 64-bit
- Oracle Linux 6 32-bit
- Oracle Linux 6 64-bit
- Oracle Solaris 11 SPARC
- Oracle Solaris 11 x86
- Ubuntu 10.04 64-bit
- Ubuntu 12.04 64-bit
- Unix - Solaris (Sun) version 10 (SunOS 5.10)
- Unix - Solaris (Sun) version 9 (SunOS 5.9)
- Windows 2003 Server R2
- Windows 2003 Small Business Server
- Windows 2003 Small Business Server R2
- Windows 2008 Enterprise
- Windows 2008 Enterprise 64-bit
- Windows 2008 Essential Business Server
- Windows 2008 Server Core
- Windows 2008 Server Foundation
- Windows 2008 Server R2
- Windows 2008 Server R2 Datacenter
- Windows 2008 Server R2 Enterprise
- Windows 2008 Server R2 with Hyper-V(TM)
- Windows 2008 Small Business Server
- Windows 2008 Standard
- Windows 2008 Standard 64-bit
- Windows 2012 Datacenter R2
- Windows 2012 Enterprise
- Windows 2012 Server Essential R2
- Windows 2012 Server Foundation R2
- Windows 2012 Standard R2
- Windows 8.1 32-bit
- Windows 8.1 64-bit
- Windows Vista 32-bit
- Windows Vista 64-bit
- Windows XP Professional
- Windows XP Professional 64-bit

To create NSX Security Policy with Deep Security enabled as both Endpoint Service and Network Introspection service:

On your vSphere Web Client, go to Home > Networking & Security > Service Composer.
Select the Security Policies tab and click the New Security Policy icon.
Enter a name for the new policy.
Click Next.
Click the green plus sign (+) to add an Endpoint Service.
Provide a name for the Endpoint Service and leave the following default settings:
- Action: Apply
- Service Type: Anti Virus
- Service Name: Trend Micro Deep Security
- Service Configuration: Deep Security Profile Configuration
- State: Enabled
- Enforce: No
Click OK, and then click Next.
Do not make any changes on the Firewall Rules, and click Next.
On the Network Introspection Services option, add two (2) services, an outbound and an inbound traffic.
1. Click the green plus sign (+) to create a new outbound service.
2. Enter a name, which includes the word "Outbound", for the service.
3. Configure the following settings for the Outbound service:
  - Action: Redirect to service
  - Service Name: Trend Micro Deep Security
  - Profile: Name of the service profile you created earlier
  - Source: Policy's Security Groups
  - Destination: Any
  - Protocol: Any
  - State: Enabled
  - Log: Do not log
4. Create the inbound service by clicking the green plus sign (+).
5. Provide a name, which includes the word "Inbound".
6. Configure the following settings for the Inbound service:
  - Action: Redirect to service
  - Service Name: Trend Micro Deep Security
  - Profile: Name of the service profile created earlier
  - Source: Any
  - Destination: Policy's Security Groups
  - Protocol: Any
  - State: Enabled
  - Log: Do not log
Click OK on the Add Network Inspection Service window.
Click Finish to complete and close the New Security Policy window.

Need More Help?

Adding NSX Security Policy for Deep Security Virtual Appliance (DSVA)