VMware Networking Community
haozch
Enthusiast

DFW and edge FW based MAC address

I want to check DFW Ethernet-based MAC address security. After configuring it, I find it does not work.

I am using a ping test between two VMs; I want to deny traffic from vm1 to vm2 based on MAC address. Below are my rules. I don't know where the problem is. Another question: can a MAC address based rule be applied on the edge FW?

1 Reply
bayupw
Leadership

If you check the logs (dfwpktlogs.log), can you see which firewall rule is hit by the traffic? The default rule?

Do you have VMware Tools installed in the VMs?

If you don't have VMware Tools, you may need to change the IP detection type to ARP Snooping.

Check SpoofGuard and see if the MAC address and IP address are detected by NSX.

If you are on NSX 6.3, you can use Application Rule Manager to verify the rule too:

Application Rule Manager (ARM) Practical Implementation - Healthcare - Network Virtualization

Micro-segmentation of Applications using Application Rule Manager - Network Virtualization

Bayu Wibowo | VCIX6-DCV/NV
Author of VMware NSX Cookbook http://bit.ly/NSXCookbook
https://github.com/bayupw/PowerNSX-Scripts
https://nz.linkedin.com/in/bayupw | twitter @bayupw
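
To act on the first suggestion in the reply above (finding which rule the ping actually hits), here is an added example, not part of the original reply and not VMware tooling, that tallies rule hits for one source/destination pair from packet-log lines. The line layout in the pattern is an assumption modelled on NSX-v packet-log output; the sample lines, rule IDs and the names `rule_hits` and `strip_port` are constructed for illustration.

```python
import re
from collections import Counter

# Assumed layout of one packet-log line (adjust the pattern if your build differs):
#   <time> ... INET match <ACTION> <ruleset>/<rule_id> <IN|OUT> <len> <proto...> <src>-><dst>
LINE_RE = re.compile(
    r"INET6?\s+match\s+(?P<action>\w+)\s+[^/\s]+/(?P<rule_id>\d+)\s+"
    r"(?:IN|OUT)\s+\d+\s+(?P<proto>.+?)\s+(?P<src>\S+)->(?P<dst>\S+)"
)

# Constructed sample lines, not taken from the thread.
SAMPLE = """\
2017-05-02T08:15:01.120Z 4231 INET match PASS domain-c7/1001 IN 84 PROTO 1 10.0.0.11->10.0.0.12
2017-05-02T08:15:02.121Z 4231 INET match PASS domain-c7/1001 IN 84 PROTO 1 10.0.0.11->10.0.0.12
2017-05-02T08:15:02.500Z 4231 INET match DROP domain-c7/1005 IN 60 TCP 10.0.0.30/51515->10.0.0.12/22
2017-05-02T08:15:03.122Z 4231 INET match PASS domain-c7/1001 OUT 84 PROTO 1 10.0.0.12->10.0.0.11
this line is not a firewall record
""".splitlines()


def strip_port(endpoint):
    """'10.0.0.30/51515' -> '10.0.0.30'; ICMP endpoints carry no port."""
    return endpoint.partition("/")[0]


def rule_hits(lines, src_ip, dst_ip):
    """Count (rule_id, action) pairs logged for traffic src_ip -> dst_ip."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # unrelated or malformed line
        if strip_port(m["src"]) == src_ip and strip_port(m["dst"]) == dst_ip:
            hits[(m["rule_id"], m["action"])] += 1
    return hits


if __name__ == "__main__":
    # vm1 -> vm2 in the constructed sample
    for (rule_id, action), n in rule_hits(SAMPLE, "10.0.0.11", "10.0.0.12").most_common():
        print(f"rule {rule_id}: {action} x{n}")
```

Only rules with logging enabled write entries to dfwpktlogs.log, so enable logging on both the MAC-based rule and the default rule before testing. If every hit for the vm1 to vm2 ping lands on a rule other than the intended deny rule, the deny rule is not matching the traffic.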