Spoofing also referred to as ARP Spoofing is a practice attacker use to penetrate networks. They spoof legitimate traffic on a network so that it appears to be coming from the trusted source on the network.
VMware NSX SpoofGuard keeps track of the ARP addresses to IP addresses and if there is any change in them. Leveraging VMware NSX SpoofGuard, VMware NSX can block the system automatically if there is an unexpected change of IP address to ARP address.
You can configure SpoofGuard either in Automatic or Manual mode:
- Automatically trust IP assignments on their first use – Configuring this mode will automatically trust the first IP address reported to the NSX Manager. This mode is not recommended to be configured in a DHCP environment as IP addresses are dynamic and will change dynamically.
- Manually inspect and approve all IP assignment before use – Configuring this mode will prevent all traffic by default will present the set of IP addresses discovered for approval by users.
Configuring SpoofGuard Policy
Login to vSphere Web Client and click on “Network and Security”
Click on SpoofGuard
Choose the appropriate mode, Automatically or Manual
Select the appropriate “Object Type”
As we configured mode as Manual select the VM and approve the IP Address
Click on App IP to add the additional IP Address.
Click on “Clear Approved IP” if you want to clear the approved IP Addresses.
This concludes the configuration of SpoofGuard policy in VMware NSX environment. SpoofGuard policy provides an automated way to get virtual machine blocked in case of any spoof. Hope this would be informative for you. Do share if you find this worth sharing it. Thanks for Reading!!!