Objective 7.2: Configure Distributed Firewall Services

  • Distributed Firewall
    • Design Guide p25
    • VMware Tools dependency
      • Keep in mind for the exam
    • L2 rules are between VMs on same logical switch
      • based on the contents of the Ethernet frame header rather than the IP packet header
    • L2 rules map to OSI Layer 2
      • MAC address only in source and destination fields
      • only L2 protocols like ARP in service field
    • L2 rules always enforced before L3/L4 rules
      • i.e., if the default L2 policy is modified to block, then all L3/L4 traffic will be blocked
    • L3 rules are between IP addresses
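
The enforcement order noted above, as an added example (a simplified model written for these notes, not NSX code or its API). It assumes top-down, first-match evaluation within each table and an L3 default of block; all MAC addresses, IP addresses and rule sets are constructed samples.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "any"

@dataclass
class Frame:                 # constructed sample traffic, not captured data
    src_mac: str
    dst_mac: str
    ethertype: str           # "ARP" or "IPv4"
    src_ip: str = ""
    dst_ip: str = ""
    dport: int = 0

@dataclass
class Rule:                  # src/dst are MACs for L2 rules, CIDRs for L3 rules
    src: str
    dst: str
    service: object          # L2 protocol name (L2) or destination port (L3)
    action: str              # "allow" or "block"

def _mac(rule_val, mac):
    return rule_val == ANY or rule_val.lower() == mac.lower()

def _ip(cidr, ip):
    return cidr == ANY or ip_address(ip) in ip_network(cidr)

def _first(rules, matches, default):
    # Assumption: first matching rule wins, otherwise the table's default applies.
    return next((r.action for r in rules if matches(r)), default)

def evaluate(f, l2_rules, l3_rules, l2_default="allow", l3_default="block"):
    """Return (verdict, deciding layer); the L2 table is always consulted first."""
    l2 = _first(l2_rules, lambda r: _mac(r.src, f.src_mac) and _mac(r.dst, f.dst_mac)
                and r.service in (ANY, f.ethertype), l2_default)
    if l2 == "block" or f.ethertype != "IPv4":
        return l2, "L2"      # blocked at L2, or a non-IP frame with no L3 stage
    l3 = _first(l3_rules, lambda r: _ip(r.src, f.src_ip) and _ip(r.dst, f.dst_ip)
                and r.service in (ANY, f.dport), l3_default)
    return l3, "L3"

WEB = Frame("00:50:56:aa:00:01", "00:50:56:aa:00:02", "IPv4", "10.0.0.10", "10.0.0.20", 443)
ARP = Frame("00:50:56:aa:00:01", "ff:ff:ff:ff:ff:ff", "ARP")
L3_ALLOW_HTTPS = [Rule("10.0.0.0/24", "10.0.0.20/32", 443, "allow")]
L2_ALLOW_ARP = [Rule(ANY, ANY, "ARP", "allow")]

if __name__ == "__main__":
    print(evaluate(WEB, [], L3_ALLOW_HTTPS))                              # L3 allow applies
    print(evaluate(WEB, [], L3_ALLOW_HTTPS, l2_default="block"))          # never reaches L3
    print(evaluate(WEB, L2_ALLOW_ARP, L3_ALLOW_HTTPS, l2_default="block"))  # ARP-only L2 allow does not help IPv4
```

With the L2 default set to block, the L3 allow rule for port 443 is never consulted, and an L2 rule that only permits ARP does not restore IPv4 traffic.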

  • SpoofGuard
    • Admin Guide p167
    • 1. In the vSphere Web Client, navigate to Networking & Security > SpoofGuard.
    • 2. Click the Add icon.
    • 3. Type a name for the policy.
    • 4. Select Enabled or Disabled to indicate whether the policy is enabled.
      • Operation Modes
        • Automatically Trust IP Assignments on Their First Use
        • Manually Inspect and Approve All IP Assignments Before Use


plasebikan