NSX is an extensible platform; other vendors' security solutions can be added to it by means of the Northbound REST API and two private APIs: NETX for network introspection and EPSEC for guest introspection.
Fortinet’s FortiGate-VMX solution uses the NSX NETX API to provide advanced layer 4-7 services via service insertion, also called service chaining. This enables additional inspection of VM traffic before that traffic reaches the vSwitch, which enhances micro-segmentation where there is a need for greater application recognition, anti-malware, and other Next Generation Firewall features. The scale-out nature of NSX is maintained, and its operational advantages retained, because NSX handles the instantiation of FortiGate service VMs on the hosts within the deployed cluster: if the cluster grows, additional FortiGate-VMX service machines are created as needed.
One of the primary advantages of FortiGate-VMX is the availability of VDOMs for multi-tenancy in a service provider or enterprise environment: this enables segmenting traffic by organization, business group, or other construct in addition to application. The segregation extends to administration, as VDOMs are managed independently of one another. VDOMs can also be used to split the different security functions, such as anti-virus, IPS, and application control, into isolated units, or to apply only certain features to specific groups. For example, a PCI group might have more features enabled but lower throughput. Each VDOM has its own NSX Service Profile, which means the traffic steering policy can be tailored precisely for the domain.
NSX with FortiGate-VMX unites the depth of the Fortinet solution with the scale-out orchestration and automation capabilities of NSX. This ensures that new workloads are protected by policy while making data center security management and operations simpler and more efficient. The white paper provides more information on the solution's features and the use cases they can be applied to: