Starting with VMware Cloud Director 10.5.1, as a service provider, you can use the topology intentions feature to instruct VMware Cloud Director how to handle services configuration within the network stack for each provider gateway.

You configure your topology intentions on the provider gateway, and you can edit them later, if necessary.

Changing the provider gateway's topology intention settings does not affect any existing configuration components. However, if the topology intentions configuration includes specific restriction, for example, if you want only the IP spaces associated with an IP space uplink to be advertised, this setting will be enforced across the existing configuration.

To indicate your topology intent, you configure two types of settings - route advertisement intentions and NAT and firewall intentions.

NAT and Firewall Service Intentions

NAT and firewall service intentions indicate whether these services can be configured on edge gateways, on provider gateways, or both.

By default, NAT and firewall are configurable only on edge gateways.

Intention Description
Provider Gateways NAT and firewall are managed only on the provider gateways.
Edge Gateways

This is the only available option for public provider gateways.

NAT and firewall rules are managed only on edge gateways.

Provider and Edge Gateways NAT and firewall rules are configured both on provider gateways and edge gateways.

Prerequisites

  • Verify that your provider gateway is private, i.e. that it is dedicated to a single organization. If a provider gateway is public, you can view it's topology configuration but you cannot edit it.
  • Verify that your role includes the Provider Network:Edit right.

Procedure

  1. From the top navigation bar, select Resources and click Cloud Resources.
  2. In the left pane, click Provider Gateways.
  3. Click the provider gateway.
  4. Under Topology Intentions, click NAT and Firewall.
  5. Click Edit.
  6. Select an option and click Save.