Switch network security policies
There are network security policies for virtual switches that enable you to protect virtual machines from impersonation or interception attacks. These policies are:
1. Promiscuous Mode – set to Reject by default to prevent guest operating systems from observing all traffic passing through a virtual switch. Set this mode to Accept only if you use a packet sniffer or intrusion detection system in the guest operating system.
2. MAC Address Changes – when set to Reject and the guest operating system attempts to change the MAC address assigned to the virtual NIC, the virtual machine will stop receiving traffic. Set to Accept by default.
3. Forged Transmits – affects traffic that is transmitted from a virtual machine. When set to Reject, the virtual NIC drops frames that the guest operating system sends if the source MAC address is different from the one assigned to the virtual NIC. Set to Accept by default.
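The three policies can be read as per-frame decisions. The following is an added example, not VMware code: a small Python model of the behaviour described in the list above, with hypothetical names (`SecurityPolicy`, `VNic`, `allow_transmit`, `allow_receive`, `evaluate`) and constructed MAC addresses. It ignores multicast and VLANs.

```python
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass(frozen=True)
class SecurityPolicy:
    # True = Accept, False = Reject; defaults are the ones stated in the list.
    promiscuous: bool = False
    mac_changes: bool = True
    forged_transmits: bool = True

@dataclass(frozen=True)
class VNic:
    assigned_mac: str  # MAC assigned to the virtual NIC
    guest_mac: str     # MAC the guest OS currently uses on that NIC

def _norm(mac: str) -> str:
    return mac.strip().lower().replace("-", ":")

def allow_transmit(policy: SecurityPolicy, nic: VNic, src_mac: str) -> bool:
    """Forged Transmits: on Reject, drop frames whose source MAC is not the assigned one."""
    return policy.forged_transmits or _norm(src_mac) == _norm(nic.assigned_mac)

def allow_receive(policy: SecurityPolicy, nic: VNic, dst_mac: str) -> bool:
    """MAC Address Changes, then Promiscuous Mode, applied to an inbound frame."""
    changed = _norm(nic.guest_mac) != _norm(nic.assigned_mac)
    if changed and not policy.mac_changes:
        return False  # guest changed its MAC: the VM stops receiving traffic
    if policy.promiscuous:
        return True   # guest observes all traffic passing through the switch
    return _norm(dst_mac) in (BROADCAST, _norm(nic.guest_mac))

def evaluate(policy: SecurityPolicy) -> dict:
    """Run three constructed scenarios against one policy."""
    other_vm = "00:50:56:aa:00:01"  # constructed sample MACs
    unchanged = VNic("00:50:56:aa:00:02", "00:50:56:aa:00:02")
    changed = VNic("00:50:56:aa:00:03", other_vm)  # guest adopted another VM's MAC
    return {
        "sees_other_vm_traffic": allow_receive(policy, unchanged, other_vm),
        "sends_with_foreign_source": allow_transmit(policy, changed, other_vm),
        "receives_after_mac_change": allow_receive(policy, changed, other_vm),
    }

if __name__ == "__main__":
    for name, pol in [("defaults", SecurityPolicy()),
                      ("all Reject", SecurityPolicy(False, False, False)),
                      ("promiscuous Accept", SecurityPolicy(promiscuous=True))]:
        print(name, evaluate(pol))
```

With the defaults listed above, the model lets a guest that changed its MAC both send and receive as another VM's address; with all three set to Reject, every scenario is denied.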
To set the security policies using the vSphere Web Client, go to the host’s Manage > Networking tab. Choose the virtual switch you would like to modify and select the Edit settings icon.
Select the Security menu and specify the settings.