By default, the firewall for the compute gateway is set to deny all inbound and outbound traffic. Add firewall rules to allow traffic as needed.

Procedure

  1. Log in to the VMC Console at https://vmc.vmware.com.
  2. Click View Details on the SDDC card.
  3. Click Network.
  4. Under Compute Gateway, click Firewall Rules.
  5. Click Add Rule.
  6. Enter the rule parameters.

    Option: Description

    Rule Name: Give the rule a descriptive name.

    Action: Select Allow or Deny.

    Source: Select the source for the network traffic.

    • Enter an IP address, an IP address range, or Any if you want the rule to apply to all traffic.

    • Select All Internet and VPN if you want the rule to apply to all traffic from the internet and the compute gateway VPN.

    • Select All Connected AWS VPC if you want the rule to apply to traffic from the connected Amazon VPC.

    Destination: Select the destination for the network traffic.

    • Enter an IP address, an IP address range, or Any if you want the rule to apply to all traffic.

    • Select All Internet and VPN if you want the rule to apply to all traffic to the internet and the compute gateway VPN.

    • Select All Connected AWS VPC if you want the rule to apply to traffic to the connected Amazon VPC.

    Service: Select one of the following:

    • Select Any to create a rule that applies to all traffic, regardless of protocol or port used.

    • Select a specific service to create a rule that applies to that protocol and port.

    • Select Custom TCP, Custom UDP, or Custom ICMP to create a rule that applies to a service and/or port that is not available in the dropdown menu.

    Ports: If you selected a custom TCP, UDP, or ICMP service, enter the port number used by this service.

  7. Use the up and down arrow icons to adjust the ordering of the firewall rules.

    Firewall rules are applied in order from top to bottom.
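
Because rules are applied from top to bottom and the default is to deny, a broad Allow rule placed above a narrower Deny rule makes the Deny rule unreachable. The following Python sketch is an added example, not VMware code or a VMC API: it models a rule list, evaluates a flow against it, and reports rules that an earlier rule fully covers. It assumes the first matching rule decides the flow, handles IPv4 only, and uses a hypothetical "TCP/443" notation for services; all rule names and addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass

ANY = "Any"  # same keyword the rule form uses for source, destination and service

@dataclass(frozen=True)
class Rule:
    name: str
    action: str       # "Allow" or "Deny"
    source: str       # IPv4 address, CIDR range, or "Any"
    destination: str  # IPv4 address, CIDR range, or "Any"
    service: str      # "Any" or a hypothetical "PROTO/port" string

def _net(value):
    return ipaddress.ip_network("0.0.0.0/0" if value == ANY else value, strict=False)

def _covers(outer, inner):
    return _net(inner).subnet_of(_net(outer))

def _matches(rule, src, dst, service):
    """True if the rule's three match fields include the given source, destination, service."""
    return (_covers(rule.source, src) and _covers(rule.destination, dst)
            and rule.service in (ANY, service))

def evaluate(rules, src, dst, service):
    """Walk the rules top to bottom; the first match decides (assumed semantics)."""
    for rule in rules:
        if _matches(rule, src, dst, service):
            return rule.action, rule.name
    return "Deny", "default"  # compute gateway default: deny all

def shadowed(rules):
    """Return (rule, covering earlier rule) pairs for rules that can never match."""
    out = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if _matches(earlier, later.source, later.destination, later.service):
                out.append((later.name, earlier.name))
                break
    return out

# Constructed sample rule list: the Deny rule sits below a broader Allow rule.
RULES = [
    Rule("allow-web-in", "Allow", ANY, "10.2.0.0/24", "TCP/443"),
    Rule("block-scanner", "Deny", "203.0.113.0/24", "10.2.0.0/24", "TCP/443"),
]
REORDERED = [RULES[1], RULES[0]]  # Deny moved above the broad Allow
```

Running shadowed() over an exported rule list before and after reordering shows whether every Deny rule is still reachable.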