Firewall rules control the types of network traffic that can be sent and received through a network gateway. The Configure MGW VPN wizard includes a step that creates the firewall rules typically needed by the SDDC side of the management network. You must take an additional step to create matching firewall rules in your on-premises management gateway.

By default, the management gateway is created with firewall rules that block all traffic. After you set up both sides of the management VPN, run the MGW Firewall Rules step of the Configure MGW VPN wizard, then run the Firewall Rules Accelerator to quickly set up remote firewall rules in your on-premises gateway. Setting these rules is a prerequisite for using Hybrid Linked Mode, performing workload migrations, and many other tasks.


  1. In the Configure MGW VPN wizard, run MGW Firewall Rules.

    After the MGW firewall rules have been created, click NEXT STEP to configure remote firewall rules.

  2. Navigate to the Network tab of your SDDC.
  3. Under Management Gateway, click IPsec VPNs.
  4. Click Firewall Rule Accelerator.

    The Firewall Rules Accelerator opens.

  5. From the VPN (Remote Network) drop-down menu, select the remote (on-premises) network that you want to create firewall rules for.

    The Firewall Rules Accelerator displays the rules that will be created.

  6. Click Create Firewall Rules to create these rules.

    Review the list of rules and select I have created the necessary firewall rules and click NEXT STEP.