Configuring an NSX Security Policy

25 March 2022

ID 56691

An NSX Security Policy is configured in the VMware vSphere Web Client console. For a previously created NSX security group, you must assign an NSX security policy that defines the use of Kaspersky Security services:

  • File system protection service (Kaspersky File Antimalware Protection), if you want to protect virtual machines by using the File Anti-Virus component.
  • Network protection service (Kaspersky Network Protection), if you want to protect virtual machines by using the Network Threat Detection component.

To configure an NSX security policy:

  1. In the VMware vSphere Web Client console, start the NSX Security Policy Wizard in the Networking & Security / Service Composer section on the Security Policies tab.
  2. If you want to use the File Anti-Virus component, at the Guest Introspection Services step of the Wizard, add the Kaspersky File Antimalware Protection service with a user-defined name and the default action (Apply).
  3. If you want to use the Network Threat Detection component to scan outbound traffic of virtual machines, at the Network Introspection Services step of the Wizard, add the Kaspersky Network Protection service and specify the following values for its settings:
    • User-defined name
    • Redirection of traffic to the network protection service (Kaspersky Network Protection) is enabled (Redirect to service setting)

      If you are using VMware NSX for vSphere 6.3.6, redirection of traffic to the network protection service is enabled by default (Action – Redirect to service). If you are using VMware NSX for vSphere 6.4.1, redirection of traffic is disabled by default. In this case, you need to select Yes for the Redirect to service setting.

    • Source – Policy's Security Groups (selected by default)
    • Destination – Any (selected by default)
  4. If you want to use the Network Threat Detection component to scan inbound traffic of virtual machines, at the Network Introspection Services step of the Wizard, add the Kaspersky Network Protection service and specify the following values for its settings:
    • User-defined name
    • Redirection of traffic to the network protection service (Kaspersky Network Protection) is enabled (Redirect to service setting)

      If you are using VMware NSX for vSphere 6.3.6, redirection of traffic to the network protection service is enabled by default (Action – Redirect to service). If you are using VMware NSX for vSphere 6.4.1, redirection of traffic is disabled by default. In this case, you need to select Yes for the Redirect to service setting.

    • Source – Any
    • Destination – Policy's Security Groups
  5. Finish the NSX Security Policy Wizard.
  6. In the list of NSX security policies on the Security Policies tab, apply the policy (Apply) to the NSX Security Group that includes the protected virtual machines.
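
The following check is an added example, not part of the original article or of any Kaspersky or VMware tooling. It audits a simplified description of a security policy against steps 3 and 4, including the version-dependent default of the Redirect to service setting. The dictionary layout, rule names and the `audit_policy` helper are assumptions for illustration and do not follow the NSX API schema.

```python
# Added example; the dict layout is an assumption, not the NSX API schema.
SERVICE = "Kaspersky Network Protection"
POLICY_SG = "policy_security_groups"  # "Policy's Security Groups" in the wizard
ANY = "any"

# Default of "Redirect to service" per NSX for vSphere version, as the page states.
REDIRECT_DEFAULT = {"6.3.6": True, "6.4.1": False}

# Direction -> (source, destination) required by steps 3 and 4.
EXPECTED = {"outbound": (POLICY_SG, ANY), "inbound": (ANY, POLICY_SG)}


def effective_redirect(rule, nsx_version):
    """Redirect value in effect; None in the rule means 'left at the default'."""
    if rule.get("redirect") is not None:
        return rule["redirect"]
    return REDIRECT_DEFAULT.get(nsx_version)  # None: version not covered by the page


def audit_policy(policy, nsx_version, directions=("outbound", "inbound")):
    """Return a list of findings; an empty list means the policy matches the steps."""
    findings = []
    rules = [r for r in policy.get("network_introspection", [])
             if r.get("service") == SERVICE]
    for direction in directions:
        src, dst = EXPECTED[direction]
        matching = [r for r in rules
                    if r.get("source") == src and r.get("destination") == dst]
        if not matching:
            findings.append(f"{direction}: no {SERVICE} rule with "
                            f"source={src}, destination={dst}")
            continue
        for r in matching:
            redirect = effective_redirect(r, nsx_version)
            if redirect is None:
                findings.append(f"{direction}: rule '{r.get('name')}' relies on a "
                                f"default not documented for NSX {nsx_version}")
            elif not redirect:
                findings.append(f"{direction}: rule '{r.get('name')}' has "
                                "Redirect to service disabled")
    return findings


# Constructed sample: the outbound rule leaves Redirect to service at its default.
SAMPLE = {"network_introspection": [
    {"name": "knp-out", "service": SERVICE, "source": POLICY_SG,
     "destination": ANY, "redirect": None},
    {"name": "knp-in", "service": SERVICE, "source": ANY,
     "destination": POLICY_SG, "redirect": True},
]}

if __name__ == "__main__":
    for version in ("6.3.6", "6.4.1"):
        print(version, audit_policy(SAMPLE, version))
```

The same sample passes on 6.3.6 and produces one finding on 6.4.1, because the outbound rule inherits a default that differs between the two versions.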

For more details about configuring NSX security policies, please refer to the Knowledge Base.
