FAQ

I don't know how to create the NAT rule in vCloud Director tenant portal (edge > edge service gateway).

(:Last updated)

Edge - edge service gateway is the virtual network appliance (Layer 3 network) working in the organization virtual datacenter provided as "managed v platform Powered by VMware" menu.
Customer can connect the external network/network to the edge - edge service gateway.
In the edge - edge service gateway, the network functions such as firewall / DHCP / NAT/routing / loadbalancer / VPN are available.
By using NAT in the edge - edge service gateway, Customer can change the "destination and source IP address" and the "destination and source port" of the IP packets which go through the edge - edge service gateway.

#1) If Customer uses the firewall and NAT together, as the process order, the IP packets are dealt with by firewall at first and then by NAT.
If Customer needs to change the IP address and port by using NAT, Customer needs to configure the firewall rule to accept the IP packet which "destination and source IP address" and "destination and source port" are not yet translated by NAT.

Create role
・Edge
・Edge
・Constitution of service
【画像】

・NAT
・Nat 44 role
【画像】
・DNAT role
・If you choose this, create the DNAT role in edge - edgeservice gateway.
・Can't create the DNAT role in edge - separate logical router.
・SNAT role
・If you choose this, create the SNAT role in edge - edgeservice gateway.
・Can't create the SNAT role in edge - separate logical router.

If DNAT role
・Add the DNAT role
【画像】
・Apply target
・Choose the source network.
・Do DNAT the IP packets coming from the selected network to the edge - edge service gateway.

・Ex-IP / range
・Input the before exchange destination IP address.
・Do DNAT the IP packets coming by the input destination IP address to the edge - edge service gateway.

・Protocol
・Select the protocol
・Do DNAT the IP packets coming by the selected protocol to the edge - edge service gateway.

・Ex-port
・Select / input the before exchange destination port.
・Do DNAT the IP packets coming by the selected / input destination port to the edge - edge service gateway.

・(Protocol: if ICMP) ICMP type
・Select the ICMP type
・Do DNAT the IP packets coming by the selected ICMP type to the edge - edge service gateway.

・Exchanged IP
・Input the after exchange destination IP address.

・exchanged port
・select / input the after exchange destination port.

・Valid
・Valid
・Enable the role.
・Invaild
・Disable without deleting the rule.

・Enable Logging
・Vaild
・Enable Logging
・Invaild
・Disable logging

If SNAT role
・Add the SNAT role
【画像】
・Apply target
・Choose the destination network.
・Do SNAT the IP packets coming from the selected network to the edge - edge service gateway.

・Ex-source IP / range
・Input the before exchange source IP address.
・Do SNAT the IP packets coming by the input source IP address to the edge - edge service gateway.

・Exchanged source IP / range
・Input the after exchange source IP address.

・Valid
・Valid
・Enable the role.
・Invaild
・Disable without deleting the rule.

・Enable Logging
・Vaild
・Enable Logging
・Invaild
・Disable logging

We appreciate your cooperation in improving the site

Did this FAQ be helpful? If you have any comments, please let us know.

Thank you

Your feedback has been received.