An administrator can configure NAT, firewall, and similar services on an existing Edge Gateway by updating its EdgeGatewayServiceConfiguration.
The Configuration element of an EdgeGateway includes an EdgeGatewayServiceConfiguration element, which can contain definitions of any of the services listed in Edge Gateways. Details of service configurations vary, but the mechanism is the same for creating or updating any Edge Gateway service. Note that some services require a reference to one or more Edge Gateway interfaces, and cannot be configured until those interfaces exist.
Prerequisites
Verify that you are logged in as an organization administrator or a role with an equivalent set of rights.
Verify that your organization VDC contains an Edge Gateway. If it does not, a system administrator can create one.
Verify that the Edge Gateway is not an Advanced Gateway. If the EdgeGateway element that represents this Edge Gateway has an AdvancedNetworkingEnabled element whose value is true, using the VMware Cloud Director API to configure Edge Gateway services can produce unexpected results. Use the VMware Cloud Director API for NSX instead. See VMware Knowledge Base article http://kb.vmware.com/kb/2147625.
Procedure
Results
The server takes the requested action and returns a Task element that tracks the progress of the request.
When the task completes successfully, the EdgeGatewayServiceConfiguration element you POSTed replaces the one you copied in Step 3.
Example: Configure Services on an Edge Gateway
This example replaces the default firewall service on the Edge Gateway created in Create an Edge Gateway. For details about this FirewallService, see Firewall Service Configurations.
POST https://vcloud.example.com/api/admin/edgeGateway/2000/action/configureServices
Content-Type: application/vnd.vmware.admin.edgeGatewayServiceConfiguration+xml
...
<?xml version="1.0" encoding="UTF-8"?>
<EdgeGatewayServiceConfiguration xmlns="http://www.vmware.com/vcloud/v1.5">
   <FirewallService>
      <IsEnabled>true</IsEnabled>
      <DefaultAction>allow</DefaultAction>
      <LogDefaultAction>false</LogDefaultAction>
      <FirewallRule>
         <IsEnabled>true</IsEnabled>
         <Description>allow incoming ssh</Description>
         <Policy>allow</Policy>
         <Protocols>
            <Tcp>true</Tcp>
         </Protocols>
         <DestinationPortRange>22</DestinationPortRange>
         <DestinationIp>Internal</DestinationIp>
         <SourcePortRange>Any</SourcePortRange>
         <SourceIp>External</SourceIp>
         <EnableLogging>true</EnableLogging>
      </FirewallRule>
      <FirewallRule>
         <IsEnabled>true</IsEnabled>
         <Description>deny incoming telnet</Description>
         <Policy>drop</Policy>
         <Protocols>
            <Tcp>true</Tcp>
         </Protocols>
         <DestinationPortRange>23</DestinationPortRange>
         <DestinationIp>Internal</DestinationIp>
         <SourcePortRange>Any</SourcePortRange>
         <SourceIp>External</SourceIp>
         <EnableLogging>false</EnableLogging>
      </FirewallRule>
   </FirewallService>
</EdgeGatewayServiceConfiguration>

202 Accepted
Content-Type: application/vnd.vmware.vcloud.task+xml
...
<Task href="https://vcloud.example.com/api/task/2120" ... status="running" operation="Updating services EdgeGateway theEdge(2000)" ... >
</Task>
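
Because the POSTed EdgeGatewayServiceConfiguration replaces the existing one, the firewall settings in the request body are worth checking before it is sent. The following Python check is an added example, not part of the VMware documentation: audit_firewall and its finding codes are hypothetical names, and SAMPLE is constructed from the example request above.

```python
import xml.etree.ElementTree as ET

NS = {"vc": "http://www.vmware.com/vcloud/v1.5"}

# Constructed input: the FirewallService from the example request on this page.
SAMPLE = """<EdgeGatewayServiceConfiguration xmlns="http://www.vmware.com/vcloud/v1.5">
 <FirewallService>
  <IsEnabled>true</IsEnabled>
  <DefaultAction>allow</DefaultAction><LogDefaultAction>false</LogDefaultAction>
  <FirewallRule>
   <IsEnabled>true</IsEnabled><Description>allow incoming ssh</Description>
   <Policy>allow</Policy><Protocols><Tcp>true</Tcp></Protocols>
   <DestinationPortRange>22</DestinationPortRange><DestinationIp>Internal</DestinationIp>
   <SourcePortRange>Any</SourcePortRange><SourceIp>External</SourceIp><EnableLogging>true</EnableLogging>
  </FirewallRule>
  <FirewallRule>
   <IsEnabled>true</IsEnabled><Description>deny incoming telnet</Description>
   <Policy>drop</Policy><Protocols><Tcp>true</Tcp></Protocols>
   <DestinationPortRange>23</DestinationPortRange><DestinationIp>Internal</DestinationIp>
   <SourcePortRange>Any</SourcePortRange><SourceIp>External</SourceIp><EnableLogging>false</EnableLogging>
  </FirewallRule>
 </FirewallService>
</EdgeGatewayServiceConfiguration>"""

def _text(node, tag, default=""):
    """Child element text, stripped and lower-cased; default if the element is absent."""
    return (node.findtext(f"vc:{tag}", default, NS) or default).strip().lower()

def audit_firewall(xml_text):
    """Return (code, detail) findings for an EdgeGatewayServiceConfiguration body."""
    fw = ET.fromstring(xml_text).find("vc:FirewallService", NS)
    if fw is None:
        return [("NO_FIREWALL_SERVICE", "body carries no FirewallService element")]
    findings = []
    if _text(fw, "IsEnabled") != "true":
        findings.append(("FIREWALL_DISABLED", "FirewallService IsEnabled is not true"))
    if _text(fw, "DefaultAction") == "allow":
        findings.append(("DEFAULT_ALLOW", "traffic matching no rule is allowed"))
    if _text(fw, "LogDefaultAction") != "true":
        findings.append(("DEFAULT_NOT_LOGGED", "default action is not logged"))
    for rule in fw.findall("vc:FirewallRule", NS):
        if _text(rule, "IsEnabled") != "true":
            continue  # a disabled rule does not affect traffic
        name = rule.findtext("vc:Description", "(no description)", NS)
        if _text(rule, "EnableLogging") != "true":
            findings.append(("RULE_NOT_LOGGED", name))
        if _text(rule, "Policy") == "allow" and _text(rule, "DestinationPortRange") == "any":
            findings.append(("ALLOW_ANY_PORT", name))
    return findings
```

For the request body shown above, audit_firewall(SAMPLE) reports DEFAULT_ALLOW, DEFAULT_NOT_LOGGED, and RULE_NOT_LOGGED for the "deny incoming telnet" rule.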