You can use either the NSX Web UI or the VMware Cloud Console Networking & Security tab to manage your SDDC networks.

NSX Manager supports a superset of the features found on the Networking & Security tab. See NSX Manager in the NSX Data Center Administration Guide for information about how to use NSX Manager.

Accessing NSX Manager

You can use a VPN to access the local NSX manager at its private IP address, or use any browser to access it over the Internet at its public IP address. See Open NSX Manager. You can also access the local NSX manager over Direct Connect.


Many NSX workflows start by telling you to "log in with admin privileges to an NSX Manager." When you click OPEN NSX MANAGER in the VMware Cloud Console and choose ACCESS VIA THE INTERNET, you can skip this step. This option gives you access to the SDDC NSX manager with the rights included in your VMware Cloud on AWS organization role. The NSX Cloud Admin role has admin access to NSX. The the NSX Cloud Auditor has read-only access to NSX. See Assign NSX Service Roles to Organization Members for more information on service roles and how to assign them.

If you click OPEN NSX MANAGER and log in to NSX via the internal network, your role is determined by your NSX credentials, not your organization role.

Workflow Navigation

The Networking & Security tab combines NSX Networking page features like VPN, NAT, and DHCP with Security page features like firewalls and features from other NSX pages including Inventory, Plan & Troubleshoot, and System. In this publication, references to NSX user interface items apply to both the NSX Manager Web UI and the VMware Cloud Console Networking & Security tab.

Use this table to map starting points for workflows in this publication to the appropriate items in the Networking & Security tab and NSX manager

Table 1. SDDC Network Administration Workflows
Workflow Networking & Security Tab NSX
Overview Overview Overview
Create or Modify a Network Segment Network > Segments Networking > Connectivity > Segments
Configure a VPN Connection Between Your SDDC and On-Premises Data Center Network > VPN Networking > Network Services > VPN
Create or Modify NAT Rules Network > NAT Networking > Network Services > NAT
Add a Custom Tier-1 Gateway to a VMware Cloud on AWS SDDC Network > Tier-1 Gateways Networking > Connectivity > Tier-1 Gateways
Configure a Multi-Edge SDDC With Traffic Groups Network > Transit Connect Networking > Cloud Services > Transit Connect
Configure AWS Direct Connect Between Your SDDC and On-Premises Data Center System > Direct Connect Networking > Cloud Services > Direct Connect
View Connected VPC Information and Troubleshoot Problems With the Connected VPC System > Connected VPC Networking > Cloud Services > Connected VPC
Request or Release a Public IP Address System > Public IPs Networking > Cloud Services > Public IPs
Configure DNS Services System > DNS Networking > IP Management > DNS
Configure Segment DHCP Properties System > DHCP Networking > IP Management > DHCP
Add or Modify Management Gateway Firewall Rules, Add or Modify Compute Gateway Firewall Rules Security > Gateway Firewall Security > Gateway Firewall
Add or Modify Distributed Firewall Rules Security > Distributed Firewall Security > Distributed Firewall
About NSX Advanced Firewall Features Security > Distributed IDS/IPS Security > Distributed IDS/IPS
Working With Inventory Groups Inventory Inventory
Configure Monitoring and Troubleshooting Features Tools Plan & Troubleshoot