VMWare ESXi - Desktop Client

Configuring the virtual switch provided with VMware ESXi for monitoring uses a port group set for promiscuous mode. Only attach VMs to this port group that will be used to monitor the traffic. Any VM using this port group has the ability to monitor all traffic.

Configure the ESX Management Portal

The following steps are performed on the ESX Management Portal.

1. Log in to the ESX management portal and navigate to the Configuration tab for the ESXi host.
2. From the Hardware list, select Networking. Click Properties.

   

3. Under the Ports tab, click Add to create a new port group.

   

4. Select Virtual Machine.

   

5. Click Next.
6. Set a descriptive name for the new port group and a VLAN ID, if desired. Setting the VLAN ID to 4095 utilizes the special VMware VLAN to monitor all other VLANs.

   

7. Click Next and then Finish. You return to the Properties page.
8. Select your new port group and click Edit.

   

9. On the port group properties page, select the Security tab and click on the checkbox next to Promiscuous Mode.
10. From the drop-down menu select Accept.

    

11. Click OK.

Configure the NNM VM

The following steps are performed on the Properties tab of the NNM VM within the VM platform. For further guidance on configuring NNM please refer to the NNM User Guide available on Tenable NNM Docs page.

1. Navigate to the Properties tab of the NNM VM within the VM Platform.

   

2. In the Properties area of the adapter settings, set the network connection’s Network Label field to the newly created port group.

   

3. Click OK.
4. Start the NNM VM and configure the NNM to use the promiscuous network adapter for monitoring.
5. Start (or restart) the NNM service with the new settings. Network traffic on the virtual switch is now collected by the NNM.