Avoid IP spoofing with the SpoofGuard service

Set up policies to detect IP spoofing

Last Updated on 12/02/2021

Objective

SpoofGuard protects against IP spoofing by maintaining a reference table of VM names and IP addresses. SpoofGuard maintains this reference table by using the IP addresses that the NSX Manager retrieves from VMware Tools when a VM initially starts.

This guide explains how to setup Spoofguard policies.

Requirements

Instructions

In the vSphere interface menu, go to the Networking and Security dashboard.

Menu

On the left side, navigate to the Spoofguard section.
Click on + Add to create a new policy.

You could edit the default policy as well instead.

SPOOF

Name and enable the policy.
Choose the mode you wish to use:

  • Automatically trust IP assignments on their first use
  • Manually inspect and approve all IP assignment before use

Manual mode will block all traffic from your VMs until you validate the vNIC/IP combinations.

For convenience, you can also allow local address as valid address in namespace.

Click Next.

POLICY

Select the Network objects the policy will apply to and click Finish.

POLICY

The policy is now on the list end enabled.
If there are alerts and/or pending actions for you, you will be able to click on the number in the Pending Approval and Conflicted IPs columns.

DONE

Go further

Join our community of users on https://community.ovh.com/en/.


Did you find this guide useful?

Please feel free to give any suggestions in order to improve this documentation.

Whether your feedback is about images, content, or structure, please share it, so that we can improve it together.

Your support requests will not be processed via this form. To do this, please use the "Create a ticket" form.

Thank you. Your feedback has been received.


These guides might also interest you...

OVHcloud Community

Access your community space. Ask questions, search for information, post content, and interact with other OVHcloud Community members.

Discuss with the OVHcloud community

In accordance with the 2006/112/CE Directive, modified on 01/01/2015, prices exclude VAT. VAT may vary according to the customer's country of residence.