In the VMC Console, you can configure firewall rules, configure an IPsec VPN, and configure DNS for the management gateway. Set Management Gateway Firewall RulesBy default, the firewall for the management gateway is set to deny all inbound and outbound traffic. Add additional firewall rules to allow traffic as needed. Example Management Gateway Firewall RulesSome common firewall rule configurations include opening access to the vSphere Client from the internet, allowing access to vCenter Server through the management VPN tunnel, and allowing remote console access. Set Management Gateway DNSSet a DNS server to allow the management gateway, ESXi hosts, and management VMs behind the DNS to resolve fully-qualified domain names (FQDNs) to IP addresses. Recommended On-Premises VPN SettingsYou need to use specific settings with your on-premises router to ensure that your VPN connection is created successfully. Mapping NSX Parameters to VMC Console VPN ParametersThe table below matches terms for VPN parameters used in NSX Edge configuration to the terms used in the VMC Console. Create a Management VPNConfigure an IPsec VPN between your on-premises data center and cloud SDDC to allow easier and more secure communication between the two. Change the Management Gateway FQDN ResolutionYou can change how the Management Gateway performs FQDN resolution. You can use a private IP, resolvable from the VPN you set up, or to use a public IP from the Internet.