Comparison Table

VMware NSX
Product line comparison

VMware NSX® and VMware NSX+™ provide networking, security and advanced load balancing for multi-cloud environments. This document outlines the features
available with each edition.

NSX NSX NSX NSX+ NSX+ NSX+

Professional Advanced Enterprise Standard Advanced Enterprise
Plus

Distributed security

Distributed firewall for NSX and VMware vSphere® Distributed Switch™

• • • • • •
(VDS) ports

Stateful and stateless L2 and L3 rules • • • • • •

Distributed FQDN filtering • • • •

Basic L7 application identification rules • • • •

Advanced L7 application identification rules Please refer to the VMware NSX Distributed Firewall™ datasheet.

Malicious IP filtering • • • • •

Distributed flood protection • • • • • •

Agent-based enforcement for physical servers • • • • • •

Stateful and stateless L2 and L3 rules with DPU support • •

Distributed identity firewall using guest introspection or

• • • •
Active Directory event server

1
VMware NSX

NSX NSX NSX NSX+ NSX+ NSX+

Professional Advanced Enterprise Standard Advanced Enterprise
Plus

Distributed identity firewall using third-party log sources Please refer to the VMware NSX Distributed Firewall datasheet.

Distributed threat prevention and advanced threat prevention – Please refer to the VMware NSX Distributed Firewall datasheet.
intrusion detection system/intrusion prevention system (IDS/IPS),
malware prevention, sandboxing, network detection and response
(NDR), network traffic analysis (NTA)

Policy, tagging and grouping • • • • • •

Firewall operations • • • • • •

Distributed service insertion integrations

Distributed endpoint protection • • • • • •

Distributed network introspection • • • •

Gateway security

Stateful and stateless L3 rules • • • • • •

Basic L7 application identification rules • • • • • •

Advanced L7 application identification rules Please refer to the VMware NSX Gateway Firewall™ datasheet.

URL filtering Please refer to the VMware NSX Gateway Firewall datasheet.

Gateway flood protection • • • • • •

Gateway network introspection • • • • • •

Gateway user identity firewall1 Please refer to the VMware NSX Gateway Firewall datasheet.

Gateway threat prevention and advanced threat prevention1 Please refer to the VMware NSX Gateway Firewall datasheet.

1. Additional security capabilities are available with NSX security add-on licenses. Please refer to the VMware NSX Distributed Firewall and VMware NSX Gateway Firewall datasheets.

Comparison Table | 2
VMware NSX

NSX NSX NSX NSX+ NSX+ NSX+

Professional Advanced Enterprise Standard Advanced Enterprise
Plus

Gateway firewall high availability

Active-active gateway firewall services – firewall, network address

• • • • • •
translation (NAT), IDS/IPS, VPN, malware detection

Advanced desktop management • •

NAT

NAT on north-south and east-west logical routers • • • • • •

Source NAT, destination NAT, NAT N:N, stateless NAT • • • • • •

NAT logging • • • • • •

NAT64 • • • •

Active-active NAT services • •

VPN

L2 VPN • • • • • •

IPv4 L3 VPN • • • • • •

IPv6 L3 VPN • • • •

Switching

vSphere Distributed Switch • • • • • •

VLAN-backed and overlay-backed logical switching • • • • • •

Comparison Table | 3
VMware NSX

NSX NSX NSX NSX+ NSX+ NSX+

Professional Advanced Enterprise Standard Advanced Enterprise
Plus

Multiple tunnel endpoint (TEP) support, SpoofGuard, LACP

• • • • • •
(edge and host)

L2 multicast • • • • • •

L3 multicast • • • •

Enhanced datapath – standard and performance • • • •

Enhanced datapath – standard for DPUs • • • •

Enhanced datapath – performance for DPUs • •

Uniform passthrough for DPUs • •

Quality of service (QoS)

QoS marking and DSCP trust boundary • • • • • •

QoS rate limit northbound traffic on tier-1 gateway • • • •

L2 bridging to physical environment

Software-based L2 bridge to physical environments • • • • • •

Routing

Distributed and multitier routing • • • • • •

Active-active dynamic routing with ECMP • • • • • •

Active-standby redundancy for routing • • • • • •

Comparison Table | 4
VMware NSX

NSX NSX NSX NSX+ NSX+ NSX+

Professional Advanced Enterprise Standard Advanced Enterprise
Plus

Virtual routing and forwarding (VRF) – tier-0 gateway VRFs • • • •

Ethernet VPN (EVPN) • •

OSPF v2 • • • • • •

BGP – IPv4 unicast • • • • • •

BGP – IPv6 unicast • • • •

Static routing – IPv4 • • • • • •

Static routing – IPv6 • • • • • •

Other routing

Route maps • • • • • •

High availability virtual IP (HA VIP), route redistribution, IP prefix lists,

• • • • • •
per-interface reverse path forwarding (RPF) check

DNS, DHCP and IPAM

IP address management (IPAM) • • • • • •

IP blocks, IP subnets, IP pools • • • • • •

IPv4 DHCP server, relay, and static bindings/fixed addresses • • • • • •

IPv6 DHCP server, relay, and static bindings/fixed addresses • • • •

IPv4 DNS relay/DNS proxy • • • • • •

Comparison Table | 5
VMware NSX

NSX NSX NSX NSX+ NSX+ NSX+

Professional Advanced Enterprise Standard Advanced Enterprise
Plus

Load balancing

Protocols – TCP (L4–L7), UDP, HTTP • •

Mechanism – round robin, source IP hash, least connections,

• •
L7 app rules with RegEx

Health checks – TCP, ICMP, UDP, HTTP, HTTPS • •

Monitoring – VIP/pool/server objects and statistics, global statistics • •

VIP sessions

Load balancing automation – pool members based on VMware vCenter®

• •
context or IP addresses

Connection throttling • •

High availability • •

Modern apps

Container networking and security • • • •

VMware Container Networking™ Enterprise with Antrea • • • •

Distributed load balancing (DLB) • • • •

Automation

REST API and hierarchical policy API • • • • • •

JSON support • • • • • •

Comparison Table | 6
VMware NSX

NSX NSX NSX NSX+ NSX+ NSX+

Professional Advanced Enterprise Standard Advanced Enterprise
Plus

OpenAPI/Swagger specification • • • • • •

Java SDK and Python SDK • • • • • •

Terraform provider • • • • • •

Ansible modules • • • • • •

Integration with VMware Aria Automation™, VMware Cloud Director™,

• • • • • •
and VMware Integrated OpenStack

Platform

VMware ESXi™ support • • • • • •

Manager/controller clustering • • • • • •

vCenter integration • • • • •

Multi-vCenter networking and security • • • •

Federation •

Edge in virtual machine (VM) form factor • • • • • •

Edge in bare-metal form factor for routing • • • • • •

Edge in bare-metal form factor for gateway firewall

DPDK optimized forwarding • • • • • •

NSX application platform •

Comparison Table | 7
VMware NSX

NSX NSX NSX NSX+ NSX+ NSX+

Professional Advanced Enterprise Standard Advanced Enterprise
Plus

Dual stack (IPv4/IPv6) external management for on-premises • • • •

Dual stack (IPv4/IPv6) external management for SaaS • •

Authentication and authorization • • • • • •

VMware Aria Operations™ for Logs and Splunk integration (plug-in) • • • • • •

Manual and automated NSX Manager™ and NSX Edge™ deployment,

• • • • • •
automated host preparation by cluster

Multitenancy2 – projects, virtual private clouds (VPCs) • • • • • •

Operations

Port mirroring, traceflow, NSX live traffic analysis, packet capture • • • • • •

Tunnel health monitoring, port connectivity tool, switch-based

• • • • • •
IPFIX, LLDP

Automated technical support bundles, backup and restore • • • • • •

SNMP v1/v2/v3 with traps • • • • • •

Time series metrics •

DPU-based network operations • •

Upgrade and Migration Coordinator, NSX Manager to policy promotion • • • • • •

2. Refer to the NSX or NSX+ datasheet for information on scale supported.

Comparison Table | 8
VMware NSX

NSX NSX NSX NSX+ NSX+ NSX+

Professional Advanced Enterprise Standard Advanced Enterprise
Plus

Product entitlement

VMware Aria Operations for Logs (SaaS) • • •

VMware Aria Operations for Logs • • •

VMware Aria Operations for Networks Advanced • •

VMware Aria Operations for Networks Enterprise

VMware Aria Operations for Networks (SaaS)

VMware HCX® Advanced •

VMware HCX+™

VMware Workspace ONE® Access™ • • • • • •

VMware NSX Advanced Load Balancer™ Enterprise3 • •

VMware NSX Advanced Load Balancer Enterprise with Cloud services3 • •

VMware NSX Intelligence™4

VM-to-VM traffic flow analysis •

Firewall visibility •

Automated security policy •

Rule and group recommendation analytics •

3. Refer to the NSX or NSX+ datasheet for information on scale supported.

4. Additional security capabilities are available with NSX security add-on licenses. Please refer to the VMware NSX Distributed Firewall and VMware NSX Gateway Firewall datasheets.

Comparison Table | 9
VMware NSX

NSX NSX NSX NSX+ NSX+ NSX+

Professional Advanced Enterprise Standard Advanced Enterprise
Plus

Network traffic analytics

Multi-cloud

Policy for local managers • • •

Policy for VMware Cloud™ software-defined data centers (SDDCs)

Multisite (on-premises)5 • • •

VMware Cloud SDDCs

Upgrade recommendations • • •

Keyless activation • • • •

Cloud-based NSX infrastructure monitoring • • •

NSX+ Intelligence™ Please refer to the VMware NSX Distributed Firewall datasheet.

NSX+ NDR Please refer to the VMware NSX Distributed Firewall datasheet.

5. Refer to the NSX or NSX+ datasheet for information on scale supported.

Reference
VMware NSX datasheet

VMware NSX+ datasheet

VMware NSX Distributed Firewall datasheet

VMware NSX Gateway Firewall datasheet

Copyright © 2023 VMware, Inc. All rights reserved. VMware, Inc. 3401 Hillview Avenue Palo Alto CA 94304 USA Tel 877-486-9273 Fax 650-427-5001
VMware and the VMware logo are registered trademarks or trademarks of VMware, Inc. and its subsidiaries in the United States and other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.
VMware products are covered by one or more patents listed at vmware.com/go/patents. Item No: 2072350aq-ct-nsx-uslet 7/23