Firewall Rules for
To enable on your SDDC environment that uses VMware NSX-T®, you must create firewall rules between your on-premises data center and the Management Gateway. After the initial firewall rules configuration, you can add, edit, or delete any rules as needed.

Verify that you have activated on the SDDC.

Add the following firewall rules.

Name | Source | Destination | Service | Action |
---|---|---|---|---|
Remote SRM to vCenter Server | User-Defined Group that includes the remote IP address. | vCenter | HTTPS (TCP 443) | Allow |
Remote VR to vCenter Server | User-Defined Group that includes the remote IP address. | vCenter | HTTPS (TCP 443) | Allow |
Remote network to SRM (SRM Server Management) | User-Defined Group that includes the remote and IP addresses. | | VMware Site Recovery SRM | Allow |
Remote network to VR (VM Replication) | User-Defined Group that includes the remote ESXi hosts IP addresses. | | VMware Site Recovery vSphere Replication | Allow |
Remote network to VR (VR Server Management) | or User-Defined Group that includes the remote and IP addresses. | | VMware Site Recovery vSphere Replication | Allow |
Remote network to VR (UI and API) | User-Defined Group that includes the remote browser IP address. | | VMware Site Recovery vSphere Replication | Allow |
SRM (HTTPS) to remote network | | Any or User-Defined Group that includes the remote Platform Services Controller and vCenter Server IP addresses. | HTTPS (TCP 443) | Allow |
VR (HTTPS) to remote network | | Any or User-Defined Group that includes the remote Platform Services Controller and vCenter Server IP addresses. | HTTPS (TCP 443) | Allow |
SRM (SRM Server Management) to remote network | | Any or User-Defined Group that includes the remote IP address. | VMware Site Recovery SRM | Allow |
VR (SRM Server Management) to remote network | | Any or User-Defined Group that includes the remote IP address. | VMware Site Recovery SRM | Allow |
ESXi (VM Replication) to remote network | ESXi | Any or User-Defined Group that includes the remote IP addresses (combined appliance and any add-on appliances). | VMware Site Recovery vSphere Replication | Allow |
SRM (VR Server Management) to remote network | | Any or User-Defined Group that includes the remote IP address. | VMware Site Recovery vSphere Replication | Allow |
VR (VR Server Management) to remote network | | Any or User-Defined Group that includes the remote IP address. | VMware Site Recovery vSphere Replication | Allow |

After the firewall rules are created, they are shown in the Management Gateway Edge Firewall list.
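
As an added example (not part of the original page or of any VMware tooling), the following script audits an exported rule list against the table above: it reports rules that are missing, rules whose action is not Allow, and rules whose remote side is left as Any instead of a User-Defined Group. The field names (`display_name`, `source_groups`, `destination_groups`, `action`) and the `ANY` / `ALLOW` values are assumed to follow NSX-T Policy API rule objects, and the sample export and its group paths are constructed placeholders.

```python
# Rule names taken from the table above, split by direction.
INBOUND = [  # remote site -> SDDC: the remote side is the rule's source
    "Remote SRM to vCenter Server",
    "Remote VR to vCenter Server",
    "Remote network to SRM (SRM Server Management)",
    "Remote network to VR (VM Replication)",
    "Remote network to VR (VR Server Management)",
    "Remote network to VR (UI and API)",
]
OUTBOUND = [  # SDDC -> remote site: the remote side is the rule's destination
    "SRM (HTTPS) to remote network",
    "VR (HTTPS) to remote network",
    "SRM (SRM Server Management) to remote network",
    "VR (SRM Server Management) to remote network",
    "ESXi (VM Replication) to remote network",
    "SRM (VR Server Management) to remote network",
    "VR (VR Server Management) to remote network",
]

def audit(rules):
    """Return (missing, not_allow, any_remote) as lists of rule names."""
    by_name = {r["display_name"]: r for r in rules}
    missing, not_allow, any_remote = [], [], []
    for name in INBOUND + OUTBOUND:
        rule = by_name.get(name)
        if rule is None:
            missing.append(name)
            continue
        if rule.get("action") != "ALLOW":
            not_allow.append(name)
        # The field that holds the remote side depends on the direction.
        field = "source_groups" if name in INBOUND else "destination_groups"
        if "ANY" in rule.get(field, []):
            any_remote.append(name)
    return missing, not_allow, any_remote

# Constructed sample export; group paths are placeholders, not real objects.
G = "/example/groups/"
SAMPLE = [
    {"display_name": "Remote SRM to vCenter Server", "source_groups": [G + "remote-site"], "destination_groups": [G + "vcenter"], "action": "ALLOW"},
    {"display_name": "SRM (HTTPS) to remote network", "source_groups": [G + "srm"], "destination_groups": ["ANY"], "action": "ALLOW"},
    {"display_name": "Remote network to VR (UI and API)", "source_groups": ["ANY"], "destination_groups": [G + "vr"], "action": "ALLOW"},
    {"display_name": "VR (HTTPS) to remote network", "source_groups": [G + "vr"], "destination_groups": [G + "remote-site"], "action": "DROP"},
]

if __name__ == "__main__":
    for label, names in zip(("missing", "not ALLOW", "remote side is ANY"), audit(SAMPLE)):
        print(f"{label}: {names}")
```
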