The network security policies are:
- Promiscuous Mode
- MAC Address Changes
- Forged Transmits
Promiscuous Mode: It is set to Reject by default, but we set it to Accept to view the traffic flowing through the entire vSwitch. Promiscuous mode allows sniffing and capturing all the traffic of the virtual machines going through the vSwitch. It can also be set to Accept for an individual port group, in which case it only allows capturing the traffic of the VM port group that is in the same VLAN.
MAC Address Changes: By default, it is set to Accept, which allows the operating system to change the MAC address. If you set it to Reject, the vSwitch verifies whether the MAC address has been changed from the assigned MAC address. If it has, network connectivity is disabled and the port can no longer connect until you set the policy to Accept.
Forged Transmits: By default, it is also set to Accept, which allows network traffic to flow through the vSwitch even if the source MAC address does not match. If it is set to Reject, the vSwitch compares the source MAC address with the actual MAC address of the VM NIC, and if it finds that the source MAC address has changed, it drops the network packets.
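The following added example (not taken from VMware or from the original page) models the three policies as the per-frame decisions described above, so the effect of each Accept/Reject setting can be checked on sample input. The class and function names are hypothetical, the MAC addresses are constructed, and the model assumes the "actual" MAC of the VM NIC is the address the guest currently has configured.

```python
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass(frozen=True)
class SecurityPolicy:
    # True = Accept, False = Reject; defaults match the ones described above.
    promiscuous: bool = False
    mac_changes: bool = True
    forged_transmits: bool = True

@dataclass(frozen=True)
class VNic:
    assigned_mac: str  # MAC assigned to the VM NIC
    current_mac: str   # MAC the guest OS has configured (assumed "actual" MAC)

def _norm(mac: str) -> str:
    # Compare MACs case-insensitively and accept '-' or ':' separators.
    return mac.strip().lower().replace("-", ":")

def port_enabled(policy: SecurityPolicy, nic: VNic) -> bool:
    """MAC Address Changes = Reject disables the port once the MAC is changed."""
    return policy.mac_changes or _norm(nic.current_mac) == _norm(nic.assigned_mac)

def can_transmit(policy: SecurityPolicy, nic: VNic, src_mac: str) -> bool:
    """Forged Transmits = Reject drops frames whose source MAC is not the NIC's."""
    if not port_enabled(policy, nic):
        return False
    return policy.forged_transmits or _norm(src_mac) == _norm(nic.current_mac)

def can_receive(policy: SecurityPolicy, nic: VNic, dst_mac: str) -> bool:
    """Promiscuous = Accept also delivers frames addressed to other NICs."""
    if not port_enabled(policy, nic):
        return False
    dst = _norm(dst_mac)
    return policy.promiscuous or dst in (_norm(nic.current_mac), BROADCAST)

if __name__ == "__main__":
    # Constructed sample: a NIC whose guest has not changed its MAC.
    nic = VNic("00:50:56:aa:00:01", "00:50:56:aa:00:01")
    other = "00:50:56:aa:00:02"  # constructed MAC of another VM
    for name, pol in [("defaults", SecurityPolicy()),
                      ("all Reject", SecurityPolicy(False, False, False))]:
        print(name, "| send with other source MAC:", can_transmit(pol, nic, other),
              "| see other VM's frames:", can_receive(pol, nic, other))
```
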