Follow this workflow to access managed VMs in the underlay mode.
At the time of deploying the PCG on your VPC or VNet, NSX Cloud creates default firewall rules to enhance the security of your workload VMs.
To access managed workload VMs in underlay mode you need to add a distributed firewall (DFW) rule that opens up access to the VM.
Do the following:
Open the NSX Manager console.
Add a rule with the following configurations. See Add a Firewall Rule for detailed instructions.
Provide a name to define the purpose of this rule, for example, AllowRemoteAccessToUnderlay.
Pick the logical switch or port or NSGroup that this VM is attached to or is a member of.
Pick remote-access services for this workload VM, for example, SSH for Linux, or RDP for Windows.