The Firewall Rule Accelerator helps create appropriate firewall policies in the management gateway. This enables communication over the IPsec VPN tunnel with key management infrastructure components such as vCenter Server and ESXi from your on-premises data center.

After you set up an IPsec VPN for the Management Gateway, you can use the Firewall Rules Accelerator to quickly set up the firewall rules. Setting these rules is a prerequisite for using Hybrid Linked Mode, performing workload migrations, and many other tasks.


Configure a Management Gateway VPN. See Create a Management VPN in your SDDC.


  1. Log in to the VMC Console at
  2. Navigate to the Network tab of your SDDC.
  3. Under Management Gateway, click IPsec VPNs.
  4. Click Firewall Rule Accelerator.

    The Firewall Rules Accelerator opens.

  5. From the VPN (Remote Network) drop-down menu, select the remote (on-premises) network that you want to create firewall rules for.

    The Firewall Rules Accelerator displays the rules that will be created.

  6. Click Create Firewall Rules to create these rules.


After the firewall rules are created, they are shown in the Management Gateway Firewall Rules list. You can edit or delete any rules as needed.

If you change your remote VPN network, you can use the Firewall Rules Accelerator to create new firewall rules, but it does not update any already existing rules. You must delete or modify those rules manually.