SDDC Management Gateway Firewall Rules for Cold Migration
Ensure that the following SDDC management gateway firewall rules are configured. See Add or Modify Compute Gateway Firewall Rules in VMware Cloud on AWS Networking and Security.
|Provide on-premises vSphere Client and monitoring access to the SDDC vCenter Server.||remote (on-premises) vSphere Client IP address||vCenter||HTTPS|
|Allow outbound vCenter Server access to on-premises vCenter Server.||vCenter||remote (on-premises) vCenter Server IP address||Any (All Traffic)|
|Allow SSO to vCenter Server||remote (on-premises) Platform Services Controller IP address||vCenter||SSO (TCP 7444)|
|ESXi NFC traffic||remote (on-premises) ESXi VMkernel networks used for NFC.||ESXi||Provisioning (TCP 902)|
|Allow outbound ESXi access to on-premises ESXi||ESXi||remote (on-premises) ESXi management VMkernel networks||Any (All Traffic)|
On-Premises Firewall Rules for Cold Migration
Ensure that the following rules are configured in your on-premises firewall.
|On-premises to vCenter Server||Allow||remote (on-premises) vSphere Client subnet||VMware Cloud on AWS vCenter Server IP address||HTTPS||443|
|Remote to ESXi provisioning||Allow||remote (on-premises) subnet||SDDC management subnet||TCP||902|
|Cloud SDDC to on-premises vCenter Server||Allow||CIDR block for cloud SDDC management network||On-premises vCenter Server||HTTPS||443|
|Cloud SDDC to ESXi Remote Console||Allow||CIDR block for cloud SDDC management network||VMware Cloud on AWS vCenter Server IP address||TCP||902|
|Cloud SDDC to Remote LDAP (Required for HLM only)||Allow||CIDR block for cloud SDDC management network||Remote LDAP Server||TCP||389, 636|