By default, the management gateway blocks traffic to all destinations from all sources. Add Management Gateway firewall rules to allow traffic as needed.
Management Gateway firewall rules specify actions to take on network traffic from a specified source to a specified destination. Sources and destinations can be defined as Any or as members of a system-defined or user-defined inventory group, but either the source or destination must be system-defined. See Add a Management Group for information about viewing or modifying inventory groups.
Procedure
Example: Create a Management Gateway Firewall Rule
- Create a management inventory group that contains the on-premises ESXi hosts that you want to enable for vMotion to the SDDC.
- Create a management gateway rule with source ESXi and destination on-premises ESXi hosts.
- Create another management gateway rule with source on-premises ESXi hosts group and destination ESXi with a vMotion service.
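The constraints stated above (the gateway blocks everything by default, a rule's source and destination are Any or an inventory group, and at least one side must be a system-defined group) can be modelled to check a proposed rule set before creating it. The following Python is an added illustration, not VMware's code or API: it validates the two rules from the procedure, evaluates sample traffic against them with first-match semantics and default block, and keeps a per-rule hit count like the Hit Count statistic. The host names, the user-defined group name and the service name are constructed for the example.

```python
"""Model of Management Gateway (MGW) firewall rule semantics: default block,
source/destination as Any or an inventory group, and the requirement that at
least one side of a rule is a system-defined group.
Added illustration only; host names and the on-premises group are constructed."""
from dataclasses import dataclass
from typing import FrozenSet, List


class _Any:
    """Sentinel for a source or destination of 'Any'."""

    def __repr__(self) -> str:
        return "Any"


ANY = _Any()


@dataclass(frozen=True)
class InventoryGroup:
    name: str
    members: FrozenSet[str]
    system_defined: bool = False  # True only for groups the SDDC provides, e.g. ESXi


@dataclass
class GatewayRule:
    name: str
    source: object                           # InventoryGroup or ANY
    destination: object                      # InventoryGroup or ANY
    services: FrozenSet[str] = frozenset()   # empty set means any service
    action: str = "ALLOW"
    hit_count: int = 0                       # counterpart of the "Hit Count" statistic


def _is_system_defined(endpoint) -> bool:
    return endpoint is not ANY and endpoint.system_defined


def validate_rule(rule: GatewayRule) -> bool:
    """Reject a rule whose source and destination are both Any or user-defined."""
    if not (_is_system_defined(rule.source) or _is_system_defined(rule.destination)):
        raise ValueError(
            f"rule {rule.name!r}: either source or destination must be a system-defined group"
        )
    return True


def _matches(endpoint, host: str) -> bool:
    return endpoint is ANY or host in endpoint.members


def evaluate(rules: List[GatewayRule], src_host: str, dst_host: str, service: str) -> str:
    """First matching rule decides; with no match the gateway's default is to block."""
    for rule in rules:
        if (_matches(rule.source, src_host) and _matches(rule.destination, dst_host)
                and (not rule.services or service in rule.services)):
            rule.hit_count += 1
            return rule.action
    return "DROP"


def build_vmotion_policy() -> List[GatewayRule]:
    """The procedure above: a user-defined group of on-premises hosts, a rule from
    the system-defined ESXi group to that group, and a rule back to ESXi for vMotion."""
    esxi = InventoryGroup("ESXi", frozenset({"esxi-01.sddc.local", "esxi-02.sddc.local"}),
                          system_defined=True)
    onprem = InventoryGroup("OnPrem-ESXi-Hosts",               # constructed user-defined group
                            frozenset({"esx-a.corp.example", "esx-b.corp.example"}))
    rules = [
        GatewayRule("SDDC ESXi to on-prem hosts", esxi, onprem),
        GatewayRule("On-prem hosts to SDDC ESXi vMotion", onprem, esxi, frozenset({"vMotion"})),
    ]
    for rule in rules:
        validate_rule(rule)
    return rules


if __name__ == "__main__":
    policy = build_vmotion_policy()
    samples = [
        ("esx-a.corp.example", "esxi-01.sddc.local", "vMotion"),   # allowed by rule 2
        ("esx-a.corp.example", "esxi-01.sddc.local", "SSH"),       # no service match: blocked
        ("esx-a.corp.example", "esx-b.corp.example", "vMotion"),   # no rule at all: blocked
    ]
    for src, dst, svc in samples:
        print(f"{src} -> {dst} [{svc}]: {evaluate(policy, src, dst, svc)}")
    for rule in policy:
        print(f"{rule.name}: hit count {rule.hit_count}")
```

Running the script shows that only the traffic covered by an explicit rule is allowed; a service the second rule does not list, or traffic between two on-premises hosts, falls through to the default block. The validation step is the place to catch a rule that names two user-defined groups before it is created.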
What to do next
You can take any or all of these optional actions with an existing firewall rule.
- Click the gear icon to view or modify rule logging settings. Log entries are sent to the VMware vRealize Log Insight Cloud Service. See Using vRealize Log Insight Cloud in the VMware Cloud on AWS Operations Guide.
- Click the graph icon to view Rule Hits and Flow statistics for the rule.

  Table 1. Rule Hits Statistics
    Popularity Index: Number of times the rule was triggered in the past 24 hours.
    Hit Count: Number of times the rule was triggered since it was created.

  Table 2. Flow Statistics
    Packet Count: Total packet flow through this rule.
    Byte Count: Total byte flow through this rule.