After synchronizing with the vCenter Server, NSX Manager collects the IP addresses of all vCenter guest virtual machines from VMware Tools on each virtual machine, or from IP discovery if it is enabled. NSX does not trust all IP addresses provided by VMware Tools or IP discovery. If a virtual machine has been compromised, the IP address can be spoofed and malicious transmissions can bypass firewall policies.
SpoofGuard allows you to authorize the IP addresses reported by VMware Tools or IP discovery, and alter them if necessary to prevent spoofing. SpoofGuard inherently trusts the MAC addresses of virtual machines collected from the VMX files and vSphere SDK. Operating separately from the Firewall rules, you can use SpoofGuard to block traffic identified as spoofed.
For more information, see Using SpoofGuard.