The compute gateway handles network traffic for your workload VMs. You can configure firewall rules, inbound NAT, VPN connections, DNS, and public IP addresses for your compute gateway. Create a Logical NetworkCreate logical networks to provide network access to workload VMs. Attach a VM to or Detach a VM from a Logical NetworkYou can connect and disconnect a single or multiple VMs from a logical network. Set Compute Gateway Firewall RulesBy default, the firewall for the compute gateway is set to deny all inbound and outbound traffic. Add additional firewall rules to allow traffic as needed. Create a Compute VPNConfigure a compute VPN to allow VMs in your SDDC to communicate securely with VMs in an on-premises data center or within an Amazon VPC. Create a VPN Connection Between the Compute Gateway and an Amazon VPCIf you need to connect VMs in your SDDC with resources in an Amazon VPC that isn't connected to your account using a cross-VPC ENI, you can create a VPN connection between your compute gateway and that VPC. Configure an Extended Network and Layer 2 VPNA VMware Cloud on AWS extended network uses a layer 2 Virtual Private Network (L2VPN) to extend an on-premises network to one in your cloud SDDC. This extended network is a single subnet with a single broadcast domain, so you can migrate VMs to and from your cloud SDDC without having to change their IP addresses. View VPN Tunnel Status and StatisticsThe VMC Console provides status and statistics for Management Gateway and Compute Gateway IPsec VPNs and for Compute Gateway L2VPNs. Set Compute Gateway DNSSet a DNS server to allow the compute gateway and workload VMs to resolve fully-qualified domain names (FQDNs) to IP addresses. Request Public IP AddressYou can request public IP addresses to assign to workload VMs to allow access to these VMs from the internet. VMware Cloud on AWS will provision the IP address from AWS. Configure NAT SettingsInbound Network Address Translation (NAT) allows you to map internet traffic to a public-facing IP address and port to a private IP address and port inside your SDDC's compute network.