1 Reply Latest reply on Oct 1, 2019 6:49 PM by Nick_Andreev

    Spoofguard blocking issue

    Dr.Virt Enthusiast

      Experiencing issues when spoofguard is enabled within NSX as it is retaining registrations which are old/retired. We often have multiple instances of VMs which are cycled on and off in order to do testing. If we disable spoofguard then it works fine.

       

      Is there some way to get spoofguard to only pay attention to powered on VMs?

        • 1. Re: Spoofguard blocking issue
          Nick_Andreev Expert

          Hi @Dr.Virt,

           

          If you're using the default SpoofGuard policy, it will automatically approve the first IP that the VM boots up with. It's called Trust on First Use. Then if VM changes its IP address or MAC, SpoofGuard will detect that and block the VM. That's the idea behind SpoofGuard, to prevent IP/MAC spoofing.

           

          That said, what is the exact issue you're experiencing? If you delete a VM, SpoofGuard automatically clears it from its configuration. And if you then create a new VM, even with the same name, SpoofGuard will treat it as a new VM. So it shouldn't retain any old registrations.