The compute gateway handles network traffic for your workload VMs. You can configure firewall rules, inbound NAT, VPN connections, DNS, and public IP addresses for your compute gateway. Create a Logical NetworkCreate logical networks to provide network access to workload VMs. Attach a VM to or Detach a VM from a Logical NetworkYou can connect and disconnect a single or multiple VMs from a logical network. Set Compute Gateway Firewall RulesBy default, the firewall for the compute gateway is set to deny all inbound and outbound traffic. Add additional firewall rules to allow traffic as needed. Create a Compute VPNConfigure a compute VPN to allow VMs in your SDDC to communicate securely with VMs in an on-premises data center or within an Amazon VPC. Create a VPN Connection Between the Compute Gateway and an Amazon VPCIf you need to connect VMs in your SDDC with resources in an Amazon VPC that isn't connected to your account using a cross-VPC ENI, you can create a VPN connection between your compute gateway and that VPC. Configure a Layer 2 VPNBy configuring an layer 2 VPN for your compute gateway, you enable the VLAN to be stretched between your on-premises data center and your cloud SDDC. This allows you to migrate VMs to your cloud SDDC without having to change their IP addresses. Set Compute Gateway DNSSet a DNS server to allow the compute gateway and workload VMs to resolve fully-qualified domain names (FQDNs) to IP addresses. Request Public IP AddressYou can request public IP addresses to assign to workload VMs to allow access to these VMs from the internet. VMware Cloud on AWS will provision the IP address from AWS. Configure NAT SettingsInbound Network Address Translation (NAT) allows you to map internet traffic to a public-facing IP address and port to a private IP address and port inside your SDDC's compute network.