Maintaining the safety and security of your SDDC management infrastructure is critical. By default, the management gateway blocks traffic to all management network destinations from all sources. You must add management gateway firewall rules to allow secure traffic from trusted sources.

Procedure

  1. Log in to the VMware Cloud Services Console at https://console.cloud.vmware.com/csp/gateway/discovery.
  2. Launch the VMware Cloud on Dell EMC service.
  3. Click the SDDC name or expand your SDDC and click View Details.
    If you have multiple SDDCs, you can Search Your SDDC.
  4. Click Network > Networking & Security > Gateway Firewall.
    Important: If your SDDC version is 1.16 or later, the Networking & Security tab is unavailable. Log in to NSX Manager to manage your SDDC networks.
    Figure 1. Gateway Firewall Page
  5. Click Add New Rule.
  6. Add the following vCenter Inbound Rules:
    1. Source: An IP address or CIDR block within your organization.
      Important:

      Although you can select Any as the source address in a firewall rule, using Any as the source address in this firewall rule can enable attacks on your vCenter Server and may lead to compromise of your SDDC. As a best practice, configure this firewall rule to allow access only from trusted source addresses. See VMware Knowledge Base article 84154.

    2. Destination: vCenter
    3. Services: ICMP (ALL ICMP) and HTTPS (TCP 443)
    4. Action: Allowed
    5. Logging: Enabled