You are unable to connect to the vSphere Client interface for your SDDC.

Problem

When you click the link on the connection tab to open the vSphere Client interface to vCenter, your browser reports that the site cannot be reached.

Cause

By default, the management gateway firewall is set to deny all traffic between the internet and vCenter. Verify that the appropriate firewall rules are in place.

Solution

  • Create the following firewall rules.
    Table 1. Firewall Rules Required for vCenter Access

    | Use Cases | Service | Source | Destination |
    |---|---|---|---|
    | Provide access to vCenter from the internet. Use for general vSphere Client access as well as for monitoring vCenter. | HTTPS | public IP address | vCenter |
    | Provide access to vCenter over VPN tunnel. Required for Management Gateway VPN, Hybrid Linked Mode, Content Library. | HTTPS | IP address or CIDR block from on-premises data center | vCenter |
    | Provide access from cloud vCenter to on-premises services such as Active Directory, Platform Services Controller, and Content Library. | Any | vCenter | IP address or CIDR block from on-premises data center |