Configure the NSX Distributed Firewall to deny outbound IP packets that contain an illegitimate address in the source address field. You perform the procedure for the two NSX Manager nodes in Region B.

Procedure

  1. In a Web browser, log in to vCenter Server by using the vSphere Client.
    Settings Value
    URL https://lax01m01vc01.lax01.rainpole.local/ui
    User name administrator@vsphere.local
    Password vsphere_admin_password
  2. From the Menu of the vSphere Web Client, select Networking and Security.
  3. In the Navigator, select SpoofGuard.
  4. NIST80053-VI-NET-CFG-00324 Enable the preconfigured spoof guard default policy.
    1. On the SpoofGuard page, select the 172.17.11.65 Secondary NSX Manager, select the Default policy, and click Edit.
    2. In the Edit Policy dialog box, turn on the Enable toggle switch and click Finish.
  5. Repeat this procedure for the 172.17.11.66 NSX Manager for the shared edge and compute cluster in Region B.