Maintaining the safety and security of your SDDC management infrastructure is critical. By default, the management gateway blocks traffic to all management network destinations from all sources. You must add management gateway firewall rules to allow secure traffic from trusted sources.


  1. Access NSX Manager Through the Internet.
  2. Click Security > Management Gateway > Add Rule.
    Important: If your SDDC version is 1.16 or later, the Networking & Security tab is unavailable. Log in to NSX Manager to manage your SDDC networks.
  3. Add the following rules:
    1. Source: Any

      Although you can select Any as the source address in a firewall rule, using Any as the source address in this firewall rule can enable attacks on your NSX Manager and may lead to compromise of your SDDC. As a best practice, configure this firewall rule to allow access only from trusted source addresses. See VMware Knowledge Base article 84154.

    2. Destination: NSX Manager
    3. Services: ICMP (ALL ICMP) and HTTPS (TCP 443)
    4. Action: Allowed
    5. Logging: Enabled