How can I help you? Start Chat

US Phone: 1-866-488-6691
International Phone: +44-2036087492

  • E-Mail
  • Facebook
  • LinkedIn
  • Twitter

vSEC for VMware NSX

Check Point vSEC for VMware NSX security delivers multi-layered defenses to protect east-west traffic within VMware-deployed data centers. It transparently enforces security at the hypervisor level and between virtual machines, automatically quarantines infected machines for remediation, and provides comprehensive visibility into virtual network traffic trends and threats.


Advanced security protections seamlessly enforced inside the Software-Defined Data Center (SDDC)

  • Couple Check Point virtual security with NSX micro-segmentation for advanced protection of east-west data center traffic
  • Multi-layered threat prevention with the highest catch-rates against malware, for advanced protection of traffic between virtual machines
  • Auto-detection, quarantine and remediation of infected virtual machines

Agile security provisioning for the SDDC

  • Fine-grained policies dynamically tied to VMware NSX Security Groups and vCenter VM objects aid fast and secure application delivery
  • Security policy easily segmented into sub-policies aligned to micro-segmented networks
  • Security services auto-provisioned in tandem with VMware ESX host deployments and virtual machine movement
  • Security capacity that elastically scales to adjust to dynamic network changes

Comprehensive threat visibility across the SDDC

  • Unified management with single policy for both virtual and physical gateways simplifies security enforcement
  • Centralized monitoring and logging ensures comprehensive threat visibility
  • Virtual network-specific reports provide insight into SDDC threat trends

The integration of Check Point vSEC with VMware NSX allows us to have the best of both worlds. Highest levels of security and consistent policy for all data center traffic to protect our client data and scalable micro-segmentation and automated security operations to simplify and accelerate service delivery.

Thomas Wikel

Network Services Supervisor

Physicians Choice Laboratory Services


Comprehensive control and visibility

Security management is simplified with centralized configuration and monitoring of virtual security gateways. Virtual workload traffic is logged and can be easily viewed within the same dashboard as other gateway logs. Security reports specific to virtual workload traffic can be generated to track security compliance across the virtual network.

Check Point vSec for VMware NSX security - flow chart

Feasible, scalable micro-segmentation

Inherent VMware NSX network isolation and segmentation makes data center micro-segmentation feasible without the need to configure vLANs, ACLs, firewall rules, physical firewalls and routers.  With Check Point vSEC, a layered approach to policy management allows administrators to segment a single policy into sub-policies for granular rule definitions and delegation of duties by network segment. This ensures that the right level of protection is applied across each network segment.

Ubiquitous security enforcement

The VMware NSX network hypervisor is optimally located between the application and the physical infrastructure, enabling distributed enforcement at every virtual interface. By integrating with VMware NSX, Check Point vSEC can dynamically insert advanced security protection. Check Point’s Advanced Threat Prevention delivers multi-layered defenses, with the industry’s best catch rates and comprehensive threat intelligence, to proactively stop botnets, targeted attacks, advanced persistent threats and zero-day attacks. VMware NSX makes it possible to chain Check Point’s advanced security protections between different workloads and to control communications between applications.  This reduces network complexity and the need to use multiple VLANs inside the data center.

Context-aware security policy

VMware NSX standard tags enable full-context sharing between VMware NSX, VMware vCenter and the Check Point vSEC management platforms ensures that VMware Security Groups and VM identities are easily imported and reused within the Check Point security policy. This reduces security policy creation time from minutes to seconds.  Context-awareness is maintained so that any changes or new additions are automatically tracked. This makes it possible for security protections to be enforced on virtual applications regardless of where they are created or located.

In addition, predefined Check Point security templates automate the security of newly provisioned VMs.

Security automation and orchestration

Check Point vSEC leverages VMware NSX security automation for dynamic distribution and orchestration for protecting East-West traffic.This advanced virtual security detects and tags malware-infected VMs, and automatically updates VMware NSX. Threats are quickly contained and the appropriate remediation service can be applied to the infected VM. In the data center environment, there is often a need to integrate different systems that manage the security workflow. Also, repetitive manual tasks must be automated to streamline security operations. Check Point’s security management API allows for granular privilege controls, so that edit privileges can be scoped down to a specific rule or object within the policy, restricting what an automated task or integration can access and change. This ability to perform trusted connections provides security teams with the confidence to automate and streamline the entire security workflow.

Check Point and VMware

The Software Defined Data Center (SDDC) with VMware NSX network virtualization enables fundamentally more agile, efficient and secure data centers.Working together, VMware and Check Point have integrated their best of breed virtualization and advanced threat prevention technologies to enable the efficient delivery of applications and security assurance to realize the full value of Sofware-Defined Data Center architectures. The combination of vSEC and NSX logically extends advanced threat prevention further into the data center fabric. This enhances NSX native micro-segmentation capabilities to deliver advanced security services wherever needed. In the event of a breach of a single node or segment of the network, the threat is easily and effectively contained and isolated. This distributed security architecture enables Check Point best-of-breed network security services to be inserted at the vNIC level, for extremely granular control, enhanced visibility and superior threat prevention.

VMware NSX Partner Logo, VMware NSX security

Learn More


Supported VMware SolutionsVMware vSphere 5.5.x
VMware vSphere 6
VMware vCenter Server 5.5 or later
VMware ESX 5.5 or later for each server
VMware NSX Manager 6.1.x
VMware NSX Manager 6.2.x
Supported Check Point ReleasesR77.20VSEC
Memory and System Requirements2G RAM
5 virtual cores
Note: Please refer to support matrix in the HCL for detailed version compatibility