To access the Virtual Machine Remote Console (VMRC) on VMs in your cloud SDDC, ensure that you have configured a management gateway firewall rule that allows access to vCenter Server on port 443.

Default firewall rules prevent access to ESXi in a new SDDC. To access VMRC, you must create a management gateway firewall rule. See Add or Modify Management Gateway Firewall Rules in the VMware Cloud on AWS Networking and Security guide for more information.


If your SDDC is at version 1.13 or later, you can use the VMware Remote Console proxy proxy for vSphere (VMRC proxy), a service enabled by default in the SDDC vCenter Server that simplifies the establishment of VMRC connections to workload VMs.


Your on-premises data center must have connectivity to the SDDC via Direct Connect or a VPN before you can use VMRC.


  1. Log in to the VMC Console at
  2. On the Networking & Security tab, click Gateway Firewall.
  3. On the Gateway Firewall card, click Management Gateway, then click ADD RULE and give the new rule a Name.
  4. Create a rule to enable access to ESXi on port 902.
    Option Description
    Source IP address or CIDR block, either public or from a connected on-premises data center.
    Destination Select ESXi under System Defined Groups.
    Services Provisioning and Remote Console (TCP 902)
  5. Click PUBLISH to create the rule.