Create, Modify, or Delete SpoofGuard Policies
A function of the NSX Manager is to collect the IP addresses of all of the virtual machines in vCenter using VMware Tools. However, if a VM is exploited, its IP address can be spoofed, allowing malicious activity. SpoofGuard policies allow you to authorize the IP addresses that NSX Manager collected from VMware Tools and, if needed, alter them to prevent spoofing. SpoofGuard can be used to block any traffic that you believe to be spoofed, and it supports both IPv4 and IPv6. SpoofGuard has two operation modes:
Automatically Trust IP Assignments on Their First Use: This is just as it sounds: all assignments are initially trusted, and you can review them periodically as needed.
Manually Inspect and Approve all IP Assignments before use: If you select this mode, all traffic will be blocked until you manually approve the vNIC-to-IP address assignment.
Note: If you are using DHCP with the manual inspection mode, traffic will be blocked until the vNIC-to-IP address assignment is manually approved.
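The difference between the two modes, as a simplified model. This is an added example, not VMware code or the NSX API; the class, vNIC names and addresses are constructed, and it assumes that in first-use mode a later address change waits for approval.

```python
from dataclasses import dataclass, field

TOFU = "trust-on-first-use"  # Automatically Trust IP Assignments on Their First Use
MANUAL = "manual"            # Manually Inspect and Approve all IP Assignments before use

@dataclass
class SpoofGuardModel:
    """Hypothetical model of one SpoofGuard policy (not the NSX implementation)."""
    mode: str
    approved: dict = field(default_factory=dict)  # vNIC -> approved IP
    pending: dict = field(default_factory=dict)   # vNIC -> IP awaiting approval

    def report(self, vnic, ip):
        """An IP address collected for a vNIC through VMware Tools."""
        if self.mode == TOFU and vnic not in self.approved:
            self.approved[vnic] = ip   # first use is trusted automatically
        elif self.approved.get(vnic) != ip:
            self.pending[vnic] = ip    # assumption: waits for an administrator

    def approve(self, vnic):
        """Models the Approve action on a vNIC."""
        if vnic in self.pending:
            self.approved[vnic] = self.pending.pop(vnic)

    def clear(self, vnic):
        """Models the Clear Approved IP(s) action."""
        self.approved.pop(vnic, None)

    def allows(self, vnic, src_ip):
        """Traffic passes only if the source IP is the approved one."""
        return self.approved.get(vnic) == src_ip

def demo():
    out = {}
    tofu = SpoofGuardModel(TOFU)
    tofu.report("web01-vnic0", "10.0.0.10")    # constructed sample data
    out["tofu_first_use"] = tofu.allows("web01-vnic0", "10.0.0.10")
    tofu.report("web01-vnic0", "10.0.0.99")    # address changes later
    out["tofu_changed_ip"] = tofu.allows("web01-vnic0", "10.0.0.99")
    manual = SpoofGuardModel(MANUAL)
    manual.report("db01-vnic0", "10.0.0.20")   # e.g. a new DHCP lease
    out["manual_before_approval"] = manual.allows("db01-vnic0", "10.0.0.20")
    manual.approve("db01-vnic0")
    out["manual_after_approval"] = manual.allows("db01-vnic0", "10.0.0.20")
    manual.clear("db01-vnic0")
    out["manual_after_clear"] = manual.allows("db01-vnic0", "10.0.0.20")
    return out

if __name__ == "__main__":
    print(demo())
```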
Step 1. To manage SpoofGuard, open the vSphere Web Client and navigate to Networking & Security -> SpoofGuard.
The default SpoofGuard policy is disabled for all networks.
Step 2. From this page you can either change the default policy or add a new policy. Let’s add a new one by clicking the + sign. Specify a Name, select Enabled or Disabled, choose the Operation Mode, then click Next.
Step 3. Specify the Network, then click OK and Finish.
Step 4. After SpoofGuard is enabled, you need to approve the vNIC-to-IP address assignments by clicking Approve on the right-hand side.
Step 5. You will notice that it shows the IP Approver, Last Approved Date, and Approved IP.
Step 6. You can clear any approved IPs if necessary by checking the vNIC and clicking Clear Approved IP(s).
Step 7. You can also change the view to find any vNICs waiting for approval, duplicate IPs, and much more. Full options are shown below.