NSX distributed firewall is a hypervisor kernel-embedded firewall that provides visibility and control for virtualized workloads and networks. You can create access control policies based on vCenter Server objects such as data centers and clusters, virtual machine names and tags, network constructs such as IP/VLAN/VXLAN addresses, and user group identity from Active Directory. Consistent access control policy is now enforced when a virtual machine is moved using vSphere vMotion across physical hosts without the need to rewrite firewall rules. Because distributed firewall is hypervisor embedded, it delivers close to line rate throughput to enable higher workload consolidation on physical servers. The distributed nature of the firewall provides a scale-out architecture that automatically extends firewall capacity when additional hosts are added to a data center.