You are unable to connect to the vSphere Client interface for your SDDC.

Problem

When you click the link on the connection tab to open the vSphere Client interface to vCenter Server, your browser reports that the site cannot be reached.

Cause

By default, the management gateway firewall is set to deny all traffic between the internet and vCenter Server. If you used the Firewall Rule Accelerator to create firewall rules for your Management Gateway, or used the MGW VPN wizard to create the management VPN and gateway, the required firewall rules should be created automatically. If you created your management network and gateway manually, be sure that the appropriate firewall rules are in place.

Solution

  1. Create the following firewall rules.
    Table 1. Firewall Rules Required for vCenter Access

    | Use Cases | Service | Source | Destination |
    |---|---|---|---|
    | Provide access to vCenter Server from the internet. Use for general vSphere Client access as well as for monitoring vCenter Server. | HTTPS | public IP address | vCenter |
    | Provide access to vCenter Server over VPN tunnel. Required for Management Gateway VPN, Hybrid Linked Mode, Content Library. | HTTPS | IP address or CIDR block from on-premises data center | vCenter |
    | Provide access from cloud vCenter Server to on-premises services such as Active Directory, Platform Services Controller, and Content Library. | Any | vCenter | IP address or CIDR block from on-premises data center |
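
To confirm which rule, if any, lets a given client reach vCenter before you retry the connection, you can evaluate your rule list offline. The following is an added example, not VMware code: the rule schema, the sample rules, and the function names are assumptions made for illustration, and a missing match is treated as the default deny described under Cause.

```python
import ipaddress

# Constructed sample of management gateway rules (hypothetical schema, not the
# VMware API format). Rules are checked in order; no match means default deny.
SAMPLE_RULES = [
    {"name": "vpn-to-vcenter", "service": "HTTPS",
     "source": "10.20.0.0/16", "destination": "vCenter"},
    {"name": "vcenter-to-onprem", "service": "Any",
     "source": "vCenter", "destination": "10.20.0.0/16"},
]

def _covers(field, endpoint):
    """True if a rule's source/destination field covers the endpoint."""
    if field.lower() == "any":
        return True
    if field == "vCenter" or endpoint == "vCenter":
        return field == endpoint
    return ipaddress.ip_address(endpoint) in ipaddress.ip_network(field, strict=False)

def matching_rule(rules, src, dst, service="HTTPS"):
    """Return the name of the first rule allowing src -> dst, or None (default deny)."""
    for rule in rules:
        if rule["service"] not in (service, "Any"):
            continue
        if _covers(rule["source"], src) and _covers(rule["destination"], dst):
            return rule["name"]
    return None

def diagnose(rules, client_ip):
    """Explain whether a client can open the vSphere Client, and flag broad rules."""
    name = matching_rule(rules, client_ip, "vCenter")
    if name is None:
        return f"DENY: no HTTPS rule from {client_ip} to vCenter (default deny)"
    rule = next(r for r in rules if r["name"] == name)
    # An unrestricted source exposes vCenter to every internet host.
    broad = rule["source"].lower() == "any" or rule["source"].endswith("/0")
    note = " (source is unrestricted; narrow it to known addresses)" if broad else ""
    return f"ALLOW via '{name}'{note}"

if __name__ == "__main__":
    # 203.0.113.7 is a documentation-range address standing in for your public IP.
    print(diagnose(SAMPLE_RULES, "203.0.113.7"))
    print(diagnose(SAMPLE_RULES, "10.20.5.9"))
```

With the sample rules, a client on the internet is denied because only the VPN and outbound rows of Table 1 are present; adding the first row with your own public IP address as the source resolves it.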