Example Management Gateway Firewall Rules

Some common firewall rule configurations include opening access to the vSphere Client from the internet, allowing access to vCenter through the management VPN tunnel, and allowing remote console access. When you open access from the internet, use a specific public IP address or CIDR block as the source rather than Any, and allow only the service that the use case needs.
Commonly Used Firewall Rules

The following table shows the Service, Source, and Destination settings for commonly-used firewall rules.
| Use Case | Service | Source | Destination |
|---|---|---|---|
| Provide access to vCenter from the internet. Use for general vSphere Client access as well as for monitoring vCenter. | HTTPS | Public IP address | vCenter |
| Provide access to vCenter over the VPN tunnel. Required for Management Gateway VPN, Hybrid Linked Mode, and Content Library. | HTTPS | IP address or CIDR block from the on-premises data center | vCenter |
| Provide access from the cloud vCenter to on-premises services such as Active Directory, Platform Services Controller, and Content Library. | Any | vCenter | IP address or CIDR block from the on-premises data center |
| Provisioning operations involving network file copy traffic, such as cold migration, cloning from on-premises VMs, snapshot migration, replication, and so on. | Provisioning | IP address or CIDR block, either public or from an on-premises data center connected by a VPN tunnel | ESXi Management |
| VMRC remote console access. Required for vRealize Automation. | Remote Console | IP address or CIDR block, either public or from an on-premises data center connected by a VPN tunnel | ESXi Management |
| vMotion traffic over VPN | Any | ESXi Management | IP address or CIDR block from the on-premises data center |
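The table above gives the intended shape of each rule; what goes wrong in practice is a source of Any or a service of Any on a rule that faces the internet. The following script is an added example, not code from the VMware documentation or the product: it encodes the six rules from the table as plain records and lints them, flagging internet-facing rules that use Any as the source or service, that expose vCenter over anything other than HTTPS, or that expose ESXi Management over anything other than Provisioning or Remote Console. The rule model (a `via_vpn` flag standing in for "reached over the management VPN tunnel"), the check thresholds, and the sample addresses (203.0.113.0/24 for the administrator's public range, 10.10.0.0/16 for the on-premises data center) are assumptions made for illustration.

```python
"""Lint Management Gateway firewall rules for overly broad exposure.

Added example, not code from the VMware documentation. The rule model and the
checks are simplified assumptions; the addresses are constructed sample data.
"""
import ipaddress
from dataclasses import dataclass

ANY = "Any"
VCENTER = "vCenter"
ESXI_MGMT = "ESXi Management"
SYSTEM_GROUPS = {VCENTER, ESXI_MGMT}          # the SDDC's own management groups
ESXI_SERVICES = {"Provisioning", "Remote Console"}  # the only services expected toward ESXi


@dataclass(frozen=True)
class Rule:
    name: str
    service: str          # "HTTPS", "Provisioning", "Remote Console" or "Any"
    source: str           # a system group, "Any", or an IP address / CIDR block
    destination: str      # same vocabulary as source
    via_vpn: bool = False  # assumed flag: address reaches the gateway over the management VPN tunnel


def is_ip_or_cidr(value: str) -> bool:
    """True if value parses as an IPv4/IPv6 address or CIDR block."""
    try:
        ipaddress.ip_network(value, strict=False)
        return True
    except ValueError:
        return False


def audit_rule(rule: Rule) -> list:
    """Return the findings for one rule; an empty list means it matches the table's shape."""
    findings = []
    # Inbound from an external address: the source is neither one of the SDDC's
    # own management groups nor reached over the VPN tunnel, so it is internet-facing.
    inbound_external = rule.source not in SYSTEM_GROUPS and not rule.via_vpn
    if inbound_external:
        if rule.source == ANY:
            findings.append("source is Any on an internet-facing rule; use a specific public IP or CIDR")
        if rule.service == ANY:
            findings.append("service is Any on an internet-facing rule; name the service the use case needs")
        if rule.destination == VCENTER and rule.service != "HTTPS":
            findings.append(f"vCenter exposed to the internet over {rule.service}; only HTTPS is expected")
        if rule.destination == ESXI_MGMT and rule.service not in ESXI_SERVICES:
            findings.append(f"ESXi Management exposed to the internet over {rule.service}")
    # Endpoints must be a known group, Any, or a syntactically valid address/CIDR.
    for label, endpoint in (("source", rule.source), ("destination", rule.destination)):
        if endpoint not in SYSTEM_GROUPS and endpoint != ANY and not is_ip_or_cidr(endpoint):
            findings.append(f"{label} {endpoint!r} is neither a group, Any, nor an IP/CIDR")
    return findings


def audit(rules) -> dict:
    """Map each rule name to its findings, keeping only rules that have any."""
    result = {}
    for rule in rules:
        findings = audit_rule(rule)
        if findings:
            result[rule.name] = findings
    return result


# Constructed sample: the six rules from the table with illustrative addresses.
PAGE_RULES = [
    Rule("vCenter from internet", "HTTPS", "203.0.113.0/24", VCENTER),
    Rule("vCenter over VPN", "HTTPS", "10.10.0.0/16", VCENTER, via_vpn=True),
    Rule("vCenter to on-prem services", ANY, VCENTER, "10.10.0.0/16"),
    Rule("Provisioning to ESXi", "Provisioning", "203.0.113.0/24", ESXI_MGMT),
    Rule("VMRC to ESXi", "Remote Console", "10.10.0.0/16", ESXI_MGMT, via_vpn=True),
    Rule("vMotion over VPN", ANY, ESXI_MGMT, "10.10.0.0/16"),
]

# Constructed sample: two deliberately over-broad rules the linter should catch.
BAD_RULES = [
    Rule("vCenter from anywhere", "HTTPS", ANY, VCENTER),
    Rule("ESXi wide open", ANY, "203.0.113.0/24", ESXI_MGMT),
]

if __name__ == "__main__":
    for name, findings in audit(PAGE_RULES + BAD_RULES).items():
        for finding in findings:
            print(f"{name}: {finding}")
```

Run as-is, the script reports nothing for the six table rules and two entries for the over-broad ones. The outbound rules (cloud vCenter to on-premises services, vMotion from ESXi Management) are deliberately exempt from the "service is Any" check, because the table itself uses Any there; the linter only tightens the internet-facing direction.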