In today's blog I'll talk about the VMC on AWS gateway firewall rules.
The gateway firewall is stateful and protects all north-south traffic.
In the VMware Cloud on AWS SDDC, you configure firewall rules on two Tier-1 gateways:
Management
Compute
Firewall rules are sets of instructions that determine whether the network traffic should be blocked or allowed based on specific criteria.
Note: All firewall rules can send logs to VMware vRealize Log Insight Cloud™ if logging is enabled.
MANAGEMENT GATEWAY FIREWALL:
Maintaining the safety and security of your SDDC management infrastructure is critical.
By default, the management gateway firewall blocks traffic to all management network destinations from all sources. The rule called Default Deny All drops all network traffic.
You must add rules to allow secure traffic from trusted sources. For example, you should create a rule that allows VMware vSphere® Client™ users to access VMware vCenter Server®. The rule called vCenter Inbound is an example of such a rule. The vCenter Inbound rule allows HTTPS traffic from MgmtGroup to vCenter Server. MgmtGroup is a group of IP addresses from which you plan on using vSphere Client.
COMPUTE GATEWAY FIREWALL:
By default, the compute gateway blocks traffic to all uplinks. The rule called Default Uplink Rule drops all network traffic.
Add compute gateway firewall rules to allow traffic as needed. These rules specify actions to take on network traffic from a specified source to a specified destination.
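To make the first-match, default-deny behaviour of both gateways concrete, here is a small Python model of the rule evaluation described above for the management gateway (vCenter Inbound followed by Default Deny All) and the compute gateway (Default Uplink Rule). This is an added illustration, not VMware's code or the NSX API; the rule and group names come from the post, while the CIDRs for MgmtGroup and vCenter Server, the Flow/Rule classes and the audit helper are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class Rule:
    """One gateway firewall rule. Lists hold CIDRs or service strings;
    the literal "any" matches everything, as the default rules do."""
    name: str
    sources: List[str]
    destinations: List[str]
    services: List[str]        # e.g. "tcp/443"
    action: str                # "ALLOW" or "DROP"


@dataclass
class Flow:
    """The first packet of a new session, which is what the gateway evaluates."""
    src: str
    dst: str
    proto: str
    dport: int


def _net_match(addr: str, cidrs: List[str]) -> bool:
    if "any" in cidrs:
        return True
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(c, strict=False) for c in cidrs)


def _svc_match(flow: Flow, services: List[str]) -> bool:
    return "any" in services or f"{flow.proto}/{flow.dport}" in services


def evaluate(rules: List[Rule], flow: Flow) -> Tuple[str, str]:
    """Return (rule name, action) of the first matching rule, top to bottom.
    If nothing matches, the gateway still drops; we label that implicit-deny."""
    for rule in rules:
        if (_net_match(flow.src, rule.sources)
                and _net_match(flow.dst, rule.destinations)
                and _svc_match(flow, rule.services)):
            return rule.name, rule.action
    return "implicit-deny", "DROP"


# Constructed sample groups (assumed addresses, not from the post).
MGMT_GROUP = ["203.0.113.0/24"]     # admin workstations that run vSphere Client
VCENTER = ["10.2.0.10/32"]          # vCenter Server management address
HTTPS = ["tcp/443"]

# Management gateway: the explicit allow sits above the catch-all deny.
MANAGEMENT_RULES = [
    Rule("vCenter Inbound", MGMT_GROUP, VCENTER, HTTPS, "ALLOW"),
    Rule("Default Deny All", ["any"], ["any"], ["any"], "DROP"),
]

# Compute gateway: until you add rules, only the default rule exists.
COMPUTE_RULES = [
    Rule("Default Uplink Rule", ["any"], ["any"], ["any"], "DROP"),
]


def audit_broad_allows(rules: List[Rule]) -> List[str]:
    """Defender check: names of ALLOW rules whose source is 'any'.
    A vCenter Inbound rule built that way would expose vCenter to the Internet."""
    return [r.name for r in rules if r.action == "ALLOW" and "any" in r.sources]


if __name__ == "__main__":
    samples = [
        Flow("203.0.113.7", "10.2.0.10", "tcp", 443),    # admin -> vCenter HTTPS
        Flow("198.51.100.5", "10.2.0.10", "tcp", 443),   # outsider -> vCenter HTTPS
        Flow("203.0.113.7", "10.2.0.10", "tcp", 22),     # admin -> vCenter SSH
    ]
    for f in samples:
        print(f, "->", evaluate(MANAGEMENT_RULES, f))
    print("compute:", evaluate(COMPUTE_RULES, Flow("10.3.0.5", "10.4.0.9", "tcp", 80)))
    print("broad allows:", audit_broad_allows(MANAGEMENT_RULES))
```

The model evaluates only the session-initiating packet; because the gateway firewall is stateful, reply traffic for an allowed session is permitted without a reverse rule. The `audit_broad_allows` helper is the check worth running after every rule change: the post's guidance is that MgmtGroup lists the specific addresses you administer from, so an ALLOW rule with an "any" source on the management gateway is the misconfiguration to look for.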