Network Introspection is a service insertion feature that allows third-party network security services

to monitor and analyze the traffic between virtual machines. Network Introspection can be

configured on the host pNIC or on the partner SVM, depending on the type of service and the

deployment model. The host pNIC configuration is used for services that require traffic redirection

from the physical network to the service virtual machine. The partner SVM configuration is used for

services that require traffic redirection from the virtual network to the service virtual machine.

Network Introspection cannot be configured on the Tier-0 or Tier-1 gateways, as they are not part of

the data plane where the service insertion occurs. Network Introspection also cannot be configured

on the edge node, as it is a logical construct that hosts the Tier-0 and Tier-1

gateways. Reference: Distributed Service Insertion, NSX Securing “Anywhere” Part IV