New-NsxSpoofguardPolicy
NAME New-NsxSpoofguardPolicy
SYNOPSIS
Creates a new Spoofguard policy in NSX.
SYNTAX
New-NsxSpoofguardPolicy [-Name] <String> [[-Description] <String>] [-OperationMode] <String> [-AllowLocalIps]
[-Network] <Object[]> [-Publish] [[-Connection] <PSObject>] [<CommonParameters>]
DESCRIPTION
If a virtual machine has been compromised, its IP address can be spoofed
and malicious transmissions can bypass firewall policies. You create a
SpoofGuard policy for specific networks that allows you to authorize the IP
addresses reported by VMware Tools and alter them if necessary to prevent
spoofing. SpoofGuard inherently trusts the MAC addresses of virtual machines
collected from the VMX files and vSphere SDK. Operating separately from
Firewall rules, you can use SpoofGuard to block traffic determined to be
spoofed.
Use the New-NsxSpoofguardPolicy cmdlet to create a new SpoofGuard
Policy in NSX.
Policies are not published (enforced) automatically. Use the -publish
switch to automatically publish a newly created policy. Note that this
could impact VM communications depending on the policy settings.
PARAMETERS
-Name <String>
Required? true
Position? 1
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Description <String>
Required? false
Position? 2
Default value
Accept pipeline input? false
Accept wildcard characters? false
-OperationMode <String>
Required? true
Position? 3
Default value
Accept pipeline input? false
Accept wildcard characters? false
-AllowLocalIps [<SwitchParameter>]
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-Network <Object[]>
Required? true
Position? 4
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Publish [<SwitchParameter>]
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-Connection <PSObject>
PowerNSX Connection object
Required? false
Position? 5
Default value $defaultNSXConnection
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
-------------------------- EXAMPLE 1 --------------------------
PS C:\>$ls = Get-NsxTransportZone | Get-NsxLogicalSwitch LSTemp
New-NsxSpoofguardPolicy -Name Test -Description Testing -OperationMode tofu -Network $ls
Create a new Trust on First Use Spoofguard policy protecting the Logical
Switch LSTemp
-------------------------- EXAMPLE 2 --------------------------
PS C:\>$vss_pg = Get-VirtualPortGroup -Name "VM Network" | select-object -First 1
$vds_pg = Get-VDPortgroup -Name "Internet"
$ls = Get-NsxTransportZone | Get-NsxLogicalSwitch -Name LSTemp
New-NsxSpoofguardPolicy -Name Test -Description Testing -OperationMode manual -Network $vss_pg, $vds_pg, $ls
Create a new manual approval policy for three networks (a VSS PG, VDS PG and
Logical switch)
-------------------------- EXAMPLE 3 --------------------------
PS C:\>$ls = Get-NsxTransportZone | Get-NsxLogicalSwitch LSTemp
New-NsxSpoofguardPolicy -Name Test -Description Testing -OperationMode tofu -Network $ls -publish
Create a new Trust on First Use Spoofguard policy protecting the Logical
Switch LSTemp and publish it immediately.
Publishing causes the policy to be enforced on the data plane immediately
(and potentially block all communication, so use with care!)
-------------------------- EXAMPLE 4 --------------------------
PS C:\>$ls = Get-NsxTransportZone | Get-NsxLogicalSwitch LSTemp
New-NsxSpoofguardPolicy -Name Test -Description Testing -OperationMode tofu -Network $ls -AllowLocalIps
Create a new Trust on First Use Spoofguard policy protecting the Logical
Switch LSTemp and allow local IPs to be approved (169.254/16 and fe80::/64)
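The warning about -Publish in the description and in Example 3, turned into a confirmation gate. This is an added example, not part of PowerNSX: the wrapper name New-StagedSpoofguardPolicy and its -Force switch are hypothetical, and it accepts only the two -OperationMode values shown in the examples on this page.

```powershell
# Added example (not PowerNSX code). Hypothetical wrapper around New-NsxSpoofguardPolicy
# that creates policies unpublished by default and asks before enforcing one.
function New-StagedSpoofguardPolicy {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$Name,
        [string]$Description,
        # Assumption: restricted to the modes used in the examples on this page.
        [Parameter(Mandatory = $true)][ValidateSet('tofu', 'manual')][string]$OperationMode,
        # Mandatory object[] rejects $null and empty arrays, so a network lookup
        # that returned nothing fails here instead of reaching NSX.
        [Parameter(Mandatory = $true)][object[]]$Network,
        [switch]$AllowLocalIps,
        [switch]$Publish,
        [switch]$Force   # hypothetical: skips the publish prompt for unattended runs
    )

    $params = @{ Name = $Name; OperationMode = $OperationMode; Network = $Network }
    if ($Description) { $params.Description = $Description }
    if ($AllowLocalIps) {
        Write-Warning "Policy '$Name': local IPs (169.254/16 and fe80::/64) can be approved."
        $params.AllowLocalIps = $true
    }

    $target = "SpoofGuard policy '$Name' on $($Network.Count) network(s)"
    # -WhatIf stops here, so nothing is created or published.
    if (-not $PSCmdlet.ShouldProcess($target, "Create ($OperationMode)")) { return }

    if ($Publish) {
        # Publishing enforces the policy on the data plane immediately and can
        # block VM traffic, so require an explicit yes unless -Force is given.
        $query = "Publish $target now? Traffic from unapproved addresses may be blocked."
        if (-not ($Force -or $PSCmdlet.ShouldContinue($query, 'Publish SpoofGuard policy'))) {
            Write-Warning "Publish declined; policy '$Name' was not created."
            return
        }
        $params.Publish = $true
    }

    New-NsxSpoofguardPolicy @params
}

# Usage, with $ls obtained as in Example 1:
#   New-StagedSpoofguardPolicy -Name Test -OperationMode manual -Network $ls            # unpublished
#   New-StagedSpoofguardPolicy -Name Test -OperationMode tofu -Network $ls -Publish     # prompts first
#   New-StagedSpoofguardPolicy -Name Test -OperationMode tofu -Network $ls -Publish -WhatIf
```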
RELATED LINKS