Configuring the Secure-per-vNIC Component of Policy-per-vNIC

The Policy-per-vNIC feature includes an option that allows you to secure some of your vNICs and leave others unsecured. To use this option, you must enable Policy-per-vNIC. You use the Policy-per-vNIC pane on the Install Settings page to enable the feature and select the option. See

When you enable the Secure-per-vNIC option, the unit of configuration is the VM and port group. That is, if you select the Enable opt-out of firewalling per vNIC option, vNICs can not be secured individually if they belong to the same port group. This behavior protects against your having a secured and an unsecured connection to the same port group.

  1. Optionally, you can configure the system to allow you to not secure some vNICs on a VM whose other vNICs are secured with individual security policies. To enable this option, check the box before Enable opt-out of firewalling per vNIC.

    When new interfaces are added to a VM that includes vNICs that are not secured, the new vNICs are automatically secured. If you want them not to be secured, you must manually unsecure them. The following procedure explains how to remove security from a vNIC.