Every new SDDC includes a default Tier-1 gateway named the Compute Gateway (CGW). You can create and configure additional Tier-1 gateways if you need them. Each Tier-1 gateway sits between the SDDC Tier-0 gateway and an arbitrary number of compute network segments

Additional Tier-1 gateways provide a way for an SDDC network administrator to dedicate workload network capacity to specific projects, tenants, or other units of administration within a VMware Cloud on AWS organization.


  1. Log in to VMware Cloud Services at https://vmc.vmware.com.
  2. Click Inventory > SDDCs, then pick an SDDC card and click VIEW DETAILS.
    You can also use the VMC Console Networking & Security tab for this workflow. The Networking & Security tab combines NSX-T Networking tab features like VPN, NAT, and DHCP with Security tab features like firewalls.
  4. Click Tier-1 Gateways > ADD TIER-1 GATEWAY, then give the new gateway a Name and optional Description.
  5. Specify the gateway Type.
    Type Traffic Pattern
    Routed Segment traffic is routed through the new gateway.
    Isolated Segment traffic cannot traverse the new gateway. Local segments can connect with each other. Segments are not added to the routing table.​
    NATted Segment traffic cannot traverse the new gateway until you create NAT rules for it (see Create or Modify NAT Rules). Local segments can connect with each other. Segments are not added to the routing table.​
  6. (Optional) Tag the new gateway.

    See Add Tags to an Object in the NSX-T Data Center Administration Guide for more information about tagging NSX-T objects.

  7. Click SAVE to create or configure the gateway.
  8. Configure DHCP for the gateway.
    Click Set DHCP Configuration to open the DHCP Configuration page. The default DHCP configuration Type for a new gateway is No Dynamic IP Address Allocation. In this configuration, the gateway does not provide DHCP services. If you want the gateway to provide DHCP services, choose a Type of DHCP Server and specify a DHCP Server Profile. You can create a new profile or use an existing one. See Create or Modify a DHCP Profile.
  9. Click Additional Settings.
    Select an Ingress QoS Profile and an Egress QoS Profile for traffic limitations. These profiles are used to set information rate and burst size for permitted traffic. See Add a Gateway QoS Profile for more information on creating QoS profiles. VMware Cloud on AWS does not support IPv6, so the ND Profile and DAD Profile options do not apply.
  10. (Optional) Configure static routes for the gateway.

    This option is not available in the VMC Console Networking & Security tab.

    You can configure a non-default route for any type of gateway. A static default route ( can be configured only for an Isolated gateway. On the NSX Manager Networking tab, click Tier-1 Gateways. When you create or edit a Tier-1 gateway, click STATIC ROUTES to create or modify static routes and next hops for the gateway.