Add Management Gateway Firewall Rules

Maintaining the safety and security of your SDDC management infrastructure is critical. By default, the management gateway blocks traffic to all management network destinations from all sources. You must add management gateway firewall rules to allow secure traffic from trusted sources.
  1. Log in to the VMware Cloud Services Console at https://console.cloud.vmware.com/csp/gateway/discovery.
  2. Launch the
    VMware Cloud on Dell
    service.
  3. Click the required SDDC name.
  4. Click
    Network
    Network & Security
    Gateway Firewall
    .
  5. On the
    Gateway Firewall
    card, click
    Management Gateway
  6. To add a rule, click
    ADD RULE
    and give the new rule a
    Name
    .
  7. Enter the parameters for the new rule.
    Parameters are initialized to their default values (for example,
    All
    for
    Sources
    and
    Destinations
    ). To edit a parameter, move the mouse pointer over the parameter value and click the pencil icon () to open a parameter-specific editor.
    • Sources
      : Do the following:
      1. Select
        Any
        to allow traffic from any source address or address range.
        Although you can select Any as the source address in a firewall rule, using Any as the source address in this firewall rule can enable attacks on your
        vCenter Server
        and may lead to compromise of your SDDC. As a best practice, configure this firewall rule to allow access only from trusted source addresses. See VMware Knowledge Base article 84154.
      2. Select
        System Defined Groups
        and select
        vCenter
        to allow traffic from your SDDC's vCenter Server.
    • Destinations
      : Do the following:
      1. Select
        Any
        to allow traffic to any destination address or address range.
      2. Select
        System Defined Groups
        and select
        vCenter
        to allow traffic from your SDDC's vCenter Server.
    The new rule is enabled by default.
  8. Click
    PUBLISH
    to create the rule.
    The system gives the new rule an integer
    ID
    value, which is used in log entries generated by the rule.
    Firewall rules are applied in order from top to bottom. Because there is a default
    Drop
    rule at the bottom and the rules above are always
    Allow
    rules, management gateway firewall rule order has no impact on traffic flow.