Ensure that the vSwitch Promiscuous Mode policy is set to reject

Details

http://kb.vmware.com/kb/1004099

Solution

Using the vSphere Client, connect to the vCenter Server and as administrator-1. Go to ‘Home > Inventory > Hosts and clusters’.
2. Select each ESXi host with active virtual switches connected to active VM’s requiring
securing.
3. Go to tab ‘Configuration > Network > vSwitch name > Properties > Ports > vSwitch >
Default Policies > Security’
4. Set ‘Promiscuous Mode’ = ‘Reject’Additionally, perform the following to implement the recommended configuration state via
the ESXi shell-# esxcli network vswitch standard policy security set -v vSwitch2 -p false

Impact-Security devices that require the ability to see all packets on a vSwitch will not operate
properly if the Promiscuous Mode parameter is set to Reject.

Default Value-The prescribed state is the default state.

Supportive Information

The following resource is also helpful.

https://workbench.cisecurity.org/files/902

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system VMware.

References

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles