VM Security Settings

To set VM interface security settings for a NX service platform profile:

  1. Select the Security tab.

    Click to expand in new window
  2. Refer to the Access Control field. IP Inbound and MAC Inbound address firewall rules are required.

    Use the IP Inbound Firewall Rules and MAC Inbound Firewall Rules drop-down menus to select the firewall rules to apply to this profile‘s VM interface configuration.

    The firewall inspects IP and MAC traffic flows and detects attacks typically not visible to traditional wired firewall appliances.

    If a firewall rule does not exist suiting the data protection needs of the target VM interface configuration, select the Create icon to define a new rule configuration, or the Edit icon to modify an existing firewall rule configuration.

  3. Refer to the Trust field to define the following:

    Trust ARP Responses

    Select this option to enable ARP trust on this VM interface. ARP packets received on this port are considered trusted, and information from these packets is used to identify rogue devices. The default value is disabled.

    Trust DHCP Responses

    Select this option to enable DHCP trust on this VM interface. If enabled, only DHCP responses are trusted and forwarded on this VM interface, and a DHCP server can be connected only to a DHCP trusted port. The default value is enabled.

    ARP header Mismatch Validation

    Select this option to enable a source MAC mismatch check in both the ARP and Ethernet header. The default value is enabled.

    Trust 802.1p COS values

    Select this option to enable 802.1p COS values on this VM interface. The default value is enabled.

    Trust IP DSCP

    Select this option to enable IP DSCP values on this VM interface. The default value is enabled.

  4. Select OK to save the changes to the VM interface security configuration. Select Reset to revert to the last saved configuration.