Creating SpoofGuard Policy in VMware NSX

NSX Manager collects the IP addresses of all vCenter guest virtual machines from VMware Tools on each virtual machine after the initial synchronization with vCenter Server. If a virtual machine is compromised, its IP address can be spoofed and malicious transmissions can bypass firewall policies.

VMware NSX includes SpoofGuard, which allows an administrator to authorize the IP addresses reported by VMware Tools running inside a virtual machine. An administrator can create SpoofGuard policies for specific networks to authorize those IP addresses and prevent spoofing. You can use SpoofGuard to block traffic determined to be spoofed. SpoofGuard supports both IPv4 and IPv6 addresses. A SpoofGuard policy supports a single IP address assigned to a vNIC when using IPv4, and multiple IP addresses when using IPv6.

SpoofGuard is disabled by default. You can configure it using the NSX plugin in the vSphere Web Client.


The SpoofGuard policy monitors and manages the IP addresses reported by your virtual machines in one of the following modes.

  • Automatically Trust IP Assignments On Their First Use: This mode allows all traffic from your virtual machines to pass while building a table of vNIC-to-IP address assignments. All the assignments are initially marked as trusted and can be reviewed later if needed.
  • Manually Inspect and Approve All IP Assignments Before Use: This mode blocks all traffic until you approve each vNIC-to-IP address assignment.
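
The decision logic of the two modes, as a simplified Python model added here for illustration (it is not NSX code and not from the original post). The class and vNIC names are hypothetical, and holding a later, different address as pending under first-use trust is an assumption of the model.

```python
"""Simplified model of the two SpoofGuard modes (illustration only, not NSX code)."""
import ipaddress

TOFU = "trust_on_first_use"    # Automatically Trust IP Assignments On Their First Use
MANUAL = "manual_approval"     # Manually Inspect and Approve All IP Assignments Before Use


class SpoofGuardModel:
    def __init__(self, mode):
        self.mode = mode
        self.approved = {}     # vNIC id -> set of approved addresses
        self.pending = {}      # vNIC id -> set of addresses awaiting review

    def approve(self, vnic, ip):
        """Administrator approves a vNIC-to-IP assignment (the Approve action)."""
        addr = ipaddress.ip_address(ip)
        current = self.approved.setdefault(vnic, set())
        if addr.version == 4:
            # Per the page: one IPv4 address per vNIC, so drop any earlier one.
            current -= {a for a in current if a.version == 4}
        current.add(addr)      # IPv6 addresses accumulate (multiple allowed)
        self.pending.get(vnic, set()).discard(addr)

    def check(self, vnic, src_ip):
        """Return 'allow' or 'block' for a packet from vnic with source src_ip."""
        addr = ipaddress.ip_address(src_ip)
        approved = self.approved.setdefault(vnic, set())
        if addr in approved:
            return "allow"
        # Model assumption: "first use" means no address of this IP family yet.
        first_use = not any(a.version == addr.version for a in approved)
        if self.mode == TOFU and first_use:
            approved.add(addr)     # first address seen is marked trusted
            return "allow"
        # Model assumption: anything else is held for review and blocked.
        self.pending.setdefault(vnic, set()).add(addr)
        return "block"


if __name__ == "__main__":
    # Constructed sample traffic; "web01-nic0" is a hypothetical vNIC id.
    for mode in (TOFU, MANUAL):
        sg = SpoofGuardModel(mode)
        for src in ("10.0.0.11", "10.0.0.99", "10.0.0.11"):
            print(mode, src, sg.check("web01-nic0", src))
```

In the manual mode the first packet is blocked as well, which is why the approval and publish steps have to be completed before the VM can communicate.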

Click the green "+" sign to create a new SpoofGuard policy.


Choose the network to apply the SpoofGuard policy to.



Click OK


Once you choose the network, you will see the list of virtual machines with their detected IP addresses. Click Approve to approve an IP address.


Publish the changes.



Perform a ping test to verify communication.


This concludes the process of creating a SpoofGuard policy to prevent spoofing. I hope this is informative for you. Thanks for reading! Be social and share it on social media if you feel it is worth sharing.