Which three methods can be used by the NSX Distributed …

Which three methods can be used by the NSX Distributed Firewall to discover IP addresses? (Choose three.)

Which three methods can be used by the NSX Distributed Firewall to discover IP addresses? (Choose three.)

A.
DHCP Snooping

B.
IP Sets

C.
Spoofguard configured for Trust on First Use.

D.
VMware Tools installed on every guest virtual machine.

E.
ARP Snooping

Explanation:
https://kb.vmware.com/selfservice/microsites/search.do?
language=en_US&cmd=displayKC&externalId=2125437

Show Hint

Leave a Reply 3

Your email address will not be published. Required fields are marked *

Matt

Matt

VMware NSX for vSphere 6.2.0 introduced the option to discover the virtual machine IP address using DHCP snooping or ARP snooping. These new discovery mechanisms enable NSX to enforce IP address-based security rules on virtual machines that do not have VMware Tools installed.

Reply

NSXFun

NSXFun

Older versions of NSX (before 6.2) used VMTools to discover the IP. Based on NSX 6.2 A-C-E is correct

Reply

Abtin

Abtin

Ensure that VMware Tools is running on the virtual machines if firewall rules do not use IP addresses. For more information, see Distributed Firewall Rules in VMware NSX for vSphere 6.0.x continues to apply with virtual machines even if VMware Tools is stopped or removed (2084048).
VMware NSX for vSphere 6.2.0 introduced the option to discover the virtual machine IP address using DHCP snooping or ARP snooping. These new discovery mechanisms enable NSX to enforce IP address-based security rules on virtual machines that do not have VMware Tools installed. For more information, see the NSX for vSphere 6.2.0 Release Notes

Reply