VMware NSX

  • 1.  DFW and edge FW based MAC address

    Posted Jul 15, 2017 05:24 AM

I want to check DFW Ethernet-based MAC address security. After I configured it, I found it does not work.

I used two VMs for a ping test; I want to deny traffic from vm1 to vm2 based on MAC address. Below are my rules. I don't know where the problem is. Another question: can a MAC address-based rule be applied on the edge FW?



  • 2.  RE: DFW and edge FW based MAC address

    Posted Jul 15, 2017 01:56 PM

    If you checked the logs (dfwpktlogs.log) could you see which firewall rule is hit by the traffic? Default rule?

    Do you have VMware tools installed in the VMs?

If you don't have VMware Tools, you may need to change the IP detection type to ARP Snooping.

Check SpoofGuard and see whether the MAC address and IP address are detected by NSX.

If you are on NSX 6.3, you can use Application Rule Manager to verify the rule too:

    Application Rule Manager (ARM) Practical Implementation - Healthcare - Network Virtualization

    Micro-segmentation of Applications using Application Rule Manager - Network Virtualization
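As an added example (not from either poster), a small Python script that pulls the rule ID and action out of dfwpktlogs.log `match` lines so you can see whether a ping from vm1 to vm2 hit the intended deny rule or fell through to the default rule. The line layout (`INET match <ACTION> <domain>/<rule-id> <IN|OUT> <len> <PROTO> <src>-><dst>`), the rule IDs and the sample lines are assumptions I constructed from the NSX-v log format; check them against your own log before relying on the parser.

```python
import re
from collections import Counter

# Constructed sample lines in the assumed dfwpktlogs.log layout (not from the poster's host).
# vm1 = 10.0.0.11, vm2 = 10.0.0.12; rule 1003 is the intended MAC deny, 1001 the default allow.
SAMPLE_LOG = """\
2017-07-15T05:20:01.123Z 2b4c1a3e INET match PASS domain-c7/1001 OUT 84 ICMP 10.0.0.11->10.0.0.12 8
2017-07-15T05:20:01.456Z 2b4c1a3e INET match PASS domain-c7/1001 IN 84 ICMP 10.0.0.12->10.0.0.11 0
2017-07-15T05:20:03.789Z 2b4c1a3e INET match DROP domain-c7/1003 OUT 60 TCP 10.0.0.11/45210->10.0.0.12/22 S
2017-07-15T05:20:04.000Z 2b4c1a3e INET TERM domain-c7/1001 OUT TCP RST 10.0.0.11/45210->10.0.0.12/22 5/5 320/300
"""

# Assumed field order of a 'match' line; TERM (session end) lines are deliberately not matched.
MATCH_RE = re.compile(
    r"INET match (?P<action>PASS|DROP|REJECT) (?P<domain>\S+)/(?P<rule>\d+) "
    r"(?P<dir>IN|OUT) (?P<len>\d+) (?P<proto>\S+) "
    r"(?P<src>[\d.]+)(?:/(?P<sport>\d+))?->(?P<dst>[\d.]+)(?:/(?P<dport>\d+))?"
)


def parse_matches(text):
    """Return one dict per 'match' line (action, rule, direction, protocol, endpoints)."""
    hits = []
    for line in text.splitlines():
        m = MATCH_RE.search(line)
        if m:
            d = m.groupdict()
            d["rule"] = int(d["rule"])
            hits.append(d)
    return hits


def rules_hit_for_flow(hits, src, dst, proto=None):
    """Count (rule id, action) pairs that handled traffic from src to dst, optionally one protocol."""
    counts = Counter()
    for h in hits:
        if h["src"] == src and h["dst"] == dst and (proto is None or h["proto"] == proto):
            counts[(h["rule"], h["action"])] += 1
    return counts


def diagnose(hits, src, dst, expected_rule, default_rule, proto=None):
    """'expected' if the intended rule fired, 'default' if traffic fell through, else 'none'."""
    rules = {rule for rule, _ in rules_hit_for_flow(hits, src, dst, proto)}
    if expected_rule in rules:
        return "expected"
    if default_rule in rules:
        return "default"
    return "none"


if __name__ == "__main__":
    hits = parse_matches(SAMPLE_LOG)
    print(rules_hit_for_flow(hits, "10.0.0.11", "10.0.0.12"))
    # A 'default' verdict means the MAC rule never matched the ping: check SpoofGuard/IP detection.
    print(diagnose(hits, "10.0.0.11", "10.0.0.12", expected_rule=1003, default_rule=1001, proto="ICMP"))
```

Run it against `grep match /var/log/dfwpktlogs.log` output from the host where vm1 runs, substituting your own rule IDs; a "default" verdict for ICMP is the symptom the reply above describes, where the traffic never reaches the MAC rule.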