If you are using IP spaces, you can generate default SNAT, NO SNAT, and firewall rules on edge gateways in your environment.
VMware Cloud Director autoconfigures the SNAT, NO SNAT, and firewall rules depending on the topology of the relevant IP spaces and their external and internal scopes.
Rules are applied in specific order.
| Rule Type | Priority Order |
|---|---|
| NAT rules |
|
| Firewall rules | Firewall rules are applied in the following order.
|
- Default SNAT rule
- This rule indicates that all traffic can access the external scope of a specific IP space by using NAT. The autoconfigured source is any IP address or CIDR, and the autoconfigured destination is the external scope of the IP space.
- Default NO SNAT Rule
- A NO SNAT rule allows traffic to flow from the IP space internal scope to its external scope without NAT rules being applied.
- Associated Firewall Rule
- Default firewall rules are autoconfigured only after SNAT or NO SNAT rules are successfully generated. An associated firewall rule is created for each default SNAT and NO SNAT rule.
Prerequisites
- Verify that you are a system administrator or that your role includes the IP Spaces Default Gateway Services: Manage right.
- Verify that the edge gateway is connected to a provider gateway that has at least one IP space uplink.
- Verify that you configured the internal and external scopes for the IP spaces associated with the provider gateway.
- Verify that you configured the network topology for the IP spaces for which you want to configure NAT and firewall rules. See Configure the Network Topology For an IP Space in Your VMware Cloud Director.
Procedure
- From the top navigation bar, select Resources and click Cloud Resources.
- In the left panel, click Edge Gateways.
- Click the edge gateway.
- On the right of the edge gateway name, click Autoconfigure NAT/FW.
- Review the IP spaces for which NAT and firewall rules will be generated and click Autoconfigure.
