Add Management Gateway Firewall
RulesLast Updated January 20, 2025
Maintaining the safety and
security of your SDDC management infrastructure is critical. By default, the management
gateway blocks traffic to all management network destinations from all sources. You must add
management gateway firewall rules to allow secure traffic from trusted sources.
- Log in to the VMware Cloud Services Console at https://console.cloud.vmware.com/csp/gateway/discovery.
- Launch theVMware Cloud on Dellservice.
- Click the required SDDC name.
- Click .
- On theGateway Firewallcard, clickManagement Gateway
- To add a rule, clickADD RULEand give the new rule aName.
- Enter the parameters for the new rule.Parameters are initialized to their default values (for example,AllforSourcesandDestinations). To edit a parameter, move the mouse pointer over the parameter value and click the pencil icon (
) to open a
parameter-specific editor.
- Sources: Do the following:
- SelectAnyto allow traffic from any source address or address range.Although you can select Any as the source address in a firewall rule, using Any as the source address in this firewall rule can enable attacks on yourvCenter Serverand may lead to compromise of your SDDC. As a best practice, configure this firewall rule to allow access only from trusted source addresses. See VMware Knowledge Base article 84154.
- SelectSystem Defined Groupsand selectvCenterto allow traffic from your SDDC's vCenter Server.
- Destinations: Do the following:
- SelectAnyto allow traffic to any destination address or address range.
- SelectSystem Defined Groupsand selectvCenterto allow traffic from your SDDC's vCenter Server.
The new rule is enabled by default. - 按一下發佈以建立規則。系統會為新規則提供整數識別碼值,該值將用於規則所產生的記錄項目。依序自上而下套用防火牆規則。由於底部的預設捨棄規則,且上面的規則始終為允許規則,管理閘道防火牆規則順序對流量沒有影響。