To override the VM interface security configuration:
As part of the VM interface‘s security configuration, IPv4 and IPv6 Inbound and MAC Inbound address firewall rules are required.
You will use the drop-down menus to select the firewall rules to apply to this profile‘s VM interface configuration. The firewall inspects IP and MAC traffic flows and detects attacks typically not visible to traditional wired firewall appliances.
IPv4 is a connectionless protocol for packet switched networking. IPv4 operates as a best effort delivery method, as it does not guarantee delivery, and does not ensure proper sequencing or duplicate delivery (unlike (TCP). IPv4 hosts can use link local addressing to provide local connectivity.
Trust ARP Responses |
Select this option to enable ARP trust on this VM interface. ARP packets received on this port are considered trusted, and the information from these packets is used to identify rogue devices. This option is disabled by default. |
Trust DHCP Responses |
Select this option to enable DHCP trust on this VM interface. If enabled, only DHCP responses are trusted and forwarded on this port, and a DHCP server can be connected only to a DHCP trusted port. This option is enabled by default. |
ARP Header Mismatch Validation |
Select this option to enable a mismatch check for the source MAC in both the ARP and Ethernet header. This option is enabled by default. |
Trust 802.1p COS values |
Select this option to enable 802.1p COS values on this VM interface. This option is enabled by default. |
Trust IP DSCP |
Select this option to enable IP DSCP values on this VM interface. This option is disabled by default. |
Trust ND Requests |
Select this option to enable the trust of neighbor discovery requests required on an IPv6 network on this VM interface. This option is disabled by default. |
Trust DHCPv6 Responses |
Select this option to trust all DHCPv6 responses on this VM interface. DHCPv6 is a networking protocol for configuring IPv6 hosts with IP addresses, IP prefixes, or other configuration attributes required on an IPv6 network. DHCPv6 relay agents receive messages from clients and forward them a DHCPv6 server. The server sends responses back to the relay agent, and the relay agent sends the responses to the client on the local link. This option is enabled by default. |
ND Header Mismatch Validation |
Select this option to enable a mismatch check for the source MAC within the ND header and Link Layer Option. This option is disabled by default. |
RA Guard |
Select this option to enable router advertisements or ICMPv6 redirects from this VM interface. Router advertisements are periodically sent to hosts or sent in response to neighbor solicitation requests. The advertisement includes IPv6 prefixes and other subnet and host information. This option is disabled by default. |
Click Reset to revert to the last saved configuration.