< Back
Publish-NsxSpoofguardPolicy
Post
NAME Publish-NsxSpoofguardPolicy
SYNOPSIS
Publishes the specified Spoofguard policy object.
SYNTAX
Publish-NsxSpoofguardPolicy [-SpoofguardPolicy] <XmlElement> [-Confirm] [-Connection <PSObject>]
[<CommonParameters>]
DESCRIPTION
If a virtual machine has been compromised, its IP address can be spoofed
and malicious transmissions can bypass firewall policies. You create a
SpoofGuard policy for specific networks that allows you to authorize the IP
addresses reported by VMware Tools and alter them if necessary to prevent
spoofing. SpoofGuard inherently trusts the MAC addresses of virtual machines
collected from the VMX files and vSphere SDK. Operating separately from
Firewall rules, you can use SpoofGuard to block traffic determined to be
spoofed.
Use the Publish-NsxSpoofguardPolicy cmdlet to publish the specified
SpoofGuard Policy. This causes it to be enforced.
PARAMETERS
-SpoofguardPolicy <XmlElement>
Required? true
Position? 2
Default value
Accept pipeline input? true (ByValue)
Accept wildcard characters? false
-Confirm [<SwitchParameter>]
Prompt for confirmation. Specify as -confirm:$false to disable confirmation prompt
Required? false
Position? named
Default value True
Accept pipeline input? false
Accept wildcard characters? false
-Connection <PSObject>
PowerNSX Connection object
Required? false
Position? named
Default value $defaultNSXConnection
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>New-NsxSpoofguardPolicy -Name Test -Description Testing -OperationMode manual -Network $vss_pg, $vds_pg, $ls
Get-NsxSpoofguardPolicy test | Publish-NsxSpoofguardPolicy
Create and then separately publish a new policy.
-------------------------- EXAMPLE 2 --------------------------
PS C:\\>Get-NsxSpoofguardPolicy test | Get-NsxSpoofguardNic -NetworkAdapter (Get-Vm TestVm | get-NetworkAdapter |
select-object -first 1) | Grant-NsxSpoofguardNicApproval -IpAddress 1.2.3.4
Get-NsxSpoofguardPolicy test | Publish-NsxSpoofguardPolicy
Grant an approval to the first nic on the VM TestVM for ip 1.2.3.4 and publish it
RELATED LINKS
SYNOPSIS
Publishes the specified Spoofguard policy object.
SYNTAX
Publish-NsxSpoofguardPolicy [-SpoofguardPolicy] <XmlElement> [-Confirm] [-Connection <PSObject>]
[<CommonParameters>]
DESCRIPTION
If a virtual machine has been compromised, its IP address can be spoofed
and malicious transmissions can bypass firewall policies. You create a
SpoofGuard policy for specific networks that allows you to authorize the IP
addresses reported by VMware Tools and alter them if necessary to prevent
spoofing. SpoofGuard inherently trusts the MAC addresses of virtual machines
collected from the VMX files and vSphere SDK. Operating separately from
Firewall rules, you can use SpoofGuard to block traffic determined to be
spoofed.
Use the Publish-NsxSpoofguardPolicy cmdlet to publish the specified
SpoofGuard Policy. This causes it to be enforced.
PARAMETERS
-SpoofguardPolicy <XmlElement>
Required? true
Position? 2
Default value
Accept pipeline input? true (ByValue)
Accept wildcard characters? false
-Confirm [<SwitchParameter>]
Prompt for confirmation. Specify as -confirm:$false to disable confirmation prompt
Required? false
Position? named
Default value True
Accept pipeline input? false
Accept wildcard characters? false
-Connection <PSObject>
PowerNSX Connection object
Required? false
Position? named
Default value $defaultNSXConnection
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>New-NsxSpoofguardPolicy -Name Test -Description Testing -OperationMode manual -Network $vss_pg, $vds_pg, $ls
Get-NsxSpoofguardPolicy test | Publish-NsxSpoofguardPolicy
Create and then separately publish a new policy.
-------------------------- EXAMPLE 2 --------------------------
PS C:\\>Get-NsxSpoofguardPolicy test | Get-NsxSpoofguardNic -NetworkAdapter (Get-Vm TestVm | get-NetworkAdapter |
select-object -first 1) | Grant-NsxSpoofguardNicApproval -IpAddress 1.2.3.4
Get-NsxSpoofguardPolicy test | Publish-NsxSpoofguardPolicy
Grant an approval to the first nic on the VM TestVM for ip 1.2.3.4 and publish it
RELATED LINKS