Evitar la usurpación de IP con el servicio SpoofGuard (EN)
Set up policies to detect IP spoofing
Last Updated on 12/02/2021
Objective
SpoofGuard protects against IP spoofing by maintaining a reference table of VM names and IP addresses. SpoofGuard maintains this reference table by using the IP addresses that the NSX Manager retrieves from VMware Tools when a VM initially starts.
This guide explains how to setup Spoofguard policies.
Requirements
- being an administrative contact of your Hosted Private Cloud infrastructure to receive login credentials
- a user account with access to vSphere as well as the specific rights for NSX (created in the OVHcloud Control Panel)
- an enabled Distributed Firewall
Instructions
In the vSphere interface menu, go to the Networking and Security dashboard.
On the left side, navigate to the Spoofguard section.
Click on + Add to create a new policy.
You could edit the default policy as well instead.
Name and enable the policy.
Choose the mode you wish to use:
- Automatically trust IP assignments on their first use
- Manually inspect and approve all IP assignment before use
Manual mode will block all traffic from your VMs until you validate the vNIC/IP combinations.
For convenience, you can also allow local address as valid address in namespace.
Click Next.
Select the Network objects the policy will apply to and click Finish.
The policy is now on the list end enabled.
If there are alerts and/or pending actions for you, you will be able to click on the number in the Pending Approval and Conflicted IPs columns.
Go further
Join our community of users on https://community.ovh.com/en/.
¿Le ha resultado útil esta guía?
Si lo desea, también puede enviarnos sus sugerencias para ayudarnos a mejorar nuestra documentación.
Imágenes, contenido, estructura...: ayúdenos a mejorar nuestra documentación con sus sugerencias.
No podemos tratar sus solicitudes de asistencia a través de este formulario. Para ello, haga clic en "Crear un tíquet" .
¡Gracias! Tendremos en cuenta su opinión.