NSX Edge provides network edge security and gateway services to isolate a virtualized network. You can install an NSX Edge either as a logical (distributed) router or as a services gateway.

The NSX Edge logical (distributed) router provides East-West distributed routing with tenant IP address space and data path isolation. Virtual machines or workloads that reside on the same host on different subnets can communicate with one another without having to traverse a traditional routing interface.

The NSX Edge gateway connects isolated, stub networks to shared (uplink) networks by providing common gateway services such as DHCP, VPN, NAT, dynamic routing, and Load Balancing. Common deployments of NSX Edge include in the DMZ, VPN Extranets, and multi-tenant Cloud environments where the NSX Edge creates virtual boundaries for each tenant.

Dynamic Routing

Provides the necessary forwarding information between layer 2 broadcast domains, thereby allowing you to decrease layer 2 broadcast domains and improve network efficiency and scale. NSX extends this intelligence to where the workloads reside for doing East-West routing. This allows more direct virtual machine to virtual machine communication without the costly or timely need to extend hops. At the same time, NSX also provides North-South connectivity, thereby enabling tenants to access public networks.


Supported rules include IP 5-tuple configuration with IP and port ranges for stateful inspection for all protocols.

Network Address Translation

Separate controls for Source and Destination IP addresses, as well as port translation.

Dynamic Host Configuration Protocol (DHCP)

Configuration of IP pools, gateways, DNS servers, and search domains.

Site-to-Site Virtual Private Network (VPN)

Uses standardized IPsec protocol settings to interoperate with all major VPN vendors.


Provides the ability to stretch your L2 network.


SSL VPN-Plus enables remote users to connect securely to private networks behind a NSX Edge gateway.

Load Balancing

Simple and dynamically configurable virtual IP addresses and server groups.

High Availability

High availability ensures an active NSX Edge on the network in case the primary NSX Edge virtual machine is unavailable.

NSX Edge supports syslog export for all services to remote servers.

Multi-Interface Edge