To protect traffic to and from an edge gateway, you can create and manage firewall rules on that edge gateway.

For information about protecting traffic traveling between virtual machines in an organization virtual data center, see Managing NSX Data Center for vSphere Distributed Firewall Rules Using the VMware Cloud Director Tenant Portal.

Rules created on the distributed firewall screen that have an advanced edge gateway specified in their Applied To column are not displayed in the Firewall screen for that advanced edge gateway.

The edge gateway firewall rules for an edge gateway are displayed in the Firewall screen and are enforced in the following order:

  1. Internal rules, also known as auto-plumbed rules. These internal rules enable control traffic to flow for edge gateway services.
  2. User-defined rules.
  3. Default rule.

The default rule settings apply to traffic that does not match any of the user-defined firewall rules. The default rule is displayed at the bottom of the rules on the Firewall screen.
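The enforcement order above can be modelled offline to check which rule decides a given flow. The following Python sketch is an added example, not VMware code. It assumes first-match evaluation within the ordered list, and the tier labels, rule names and addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Hypothetical tier labels mirroring the enforcement order described above.
TIER_ORDER = {"internal": 0, "user": 1, "default": 2}

@dataclass(frozen=True)
class Rule:
    name: str
    tier: str              # "internal", "user" or "default"
    source: str            # CIDR or "any"
    dest: str              # CIDR or "any"
    port: Optional[int]    # None means any port
    action: str            # "accept" or "deny"

def _in_net(addr, cidr):
    return cidr == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)

def matches(rule, src, dst, port):
    return (_in_net(src, rule.source) and _in_net(dst, rule.dest)
            and (rule.port is None or rule.port == port))

def evaluate(rules, src, dst, port):
    """Return the first matching rule, walking tiers in enforcement order."""
    # sorted() is stable, so rules keep their listed order within a tier.
    for rule in sorted(rules, key=lambda r: TIER_ORDER[r.tier]):
        if matches(rule, src, dst, port):
            return rule
    raise ValueError("rule set has no default rule")

def default_hits(rules, flows):
    """Flows decided only by the default rule; review these if it accepts."""
    return [f for f in flows if evaluate(rules, *f).tier == "default"]

# Constructed sample rule set, deliberately listed out of enforcement order.
RULES = [
    Rule("default", "default", "any", "any", None, "deny"),
    Rule("block-dns", "user", "any", "any", 53, "deny"),
    Rule("allow-web", "user", "any", "192.0.2.10/32", 443, "accept"),
    Rule("auto-dns", "internal", "192.0.2.1/32", "any", 53, "accept"),
]
# Constructed sample flows: (source address, destination address, port).
FLOWS = [
    ("192.0.2.1", "203.0.113.53", 53),     # internal rule wins over block-dns
    ("198.51.100.7", "203.0.113.53", 53),  # user rule block-dns
    ("198.51.100.7", "192.0.2.10", 443),   # user rule allow-web
    ("198.51.100.7", "192.0.2.20", 8080),  # falls through to the default rule
]

if __name__ == "__main__":
    for flow in FLOWS:
        rule = evaluate(RULES, *flow)
        print(flow, "->", rule.tier, rule.name, rule.action)
```
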

In the tenant portal, use the Enable toggle on the Firewall Rules screen of the edge gateway to activate or deactivate an edge gateway firewall.