Avoid IP spoofing with the SpoofGuard service

Set up policies to detect IP spoofing

Last Updated on 12/02/2021


SpoofGuard protects against IP spoofing by maintaining a reference table of VM names and IP addresses. SpoofGuard maintains this reference table by using the IP addresses that the NSX Manager retrieves from VMware Tools when a VM initially starts.

This guide explains how to setup Spoofguard policies.



In the vSphere interface menu, go to the Networking and Security dashboard.


On the left side, navigate to the Spoofguard section.
Click on + Add to create a new policy.

You could edit the default policy as well instead.


Name and enable the policy.
Choose the mode you wish to use:

  • Automatically trust IP assignments on their first use
  • Manually inspect and approve all IP assignment before use

Manual mode will block all traffic from your VMs until you validate the vNIC/IP combinations.

For convenience, you can also allow local address as valid address in namespace.

Click Next.


Select the Network objects the policy will apply to and click Finish.


The policy is now on the list end enabled.
If there are alerts and/or pending actions for you, you will be able to click on the number in the Pending Approval and Conflicted IPs columns.


Go further

Join our community of users on https://community.ovh.com/en/.

Did you find this guide useful?

Please feel free to give any suggestions in order to improve this documentation.

Whether your feedback is about images, content, or structure, please share it, so that we can improve it together.

Your support requests will not be processed via this form. To do this, please use the "Create a ticket" form.

Thank you. Your feedback has been received.

These guides might also interest you...

OVHcloud Community

Access your community space. Ask questions, search for information, post content, and interact with other OVHcloud Community members.

Discuss with the OVHcloud community