The Palo Alto firewall and Sophos UTM are both VMs (not physical). But yes, the NSX advantage is very hard to understand. And I'm not the only person. I like it, the whole idea of VXLAN virtualization, but still I see it's not a fully developed product yet. For example, it lacks rules to route VMs' L2 traffic to a special bridge. Also, the 1:1 (logical switch to portgroup) bridge restriction is not justified. I hope some engineer from VMware also reads this thread and thinks twice, and the next version becomes just a great product.

So, it's simple. One simple automation must be done at the L2 level. Each DLR bridge must have a MAC filter to allow or block VMs. But it must be automatic. The admin only chooses the VM and NSX automatically makes the MAC filters. When a VM's MAC changes, it must automatically be reflected in the MAC filter table.