You are unable to connect to the vSphere Client interface for your SDDC.


When you click the link on the connection tab to open the vSphere Client interface to vCenter Server, your browser reports that the site cannot be reached.


By default, the management gateway firewall is set to deny all traffic between the internet and vCenter Server. Verify that the appropriate firewall rules are in place.


  • Create the following firewall rules.
    Table 1. Firewall Rules Required for vCenter Access
    Use Cases Service Source Destination
    Provide access to vCenter Server from the internet.

    Use for general vSphere Client access as well as for monitoring vCenter Server .

    HTTPS public IP address vCenter
    Provide access to vCenter Server over VPN tunnel.

    Required for Management Gateway VPN, Content Library.

    HTTPS IP address or CIDR block from on-premises data center vCenter
    Provide access from cloud vCenter Server to on-premises services such as Active Directory, Platform Services Controller, and Content Library. Any vCenter IP address or CIDR block from on-premises data center.