[VMC] Cloud SDDC traffic impacted after SDDC upgrade



Article ID: 312511


Updated On:


VMware Cloud on AWS VMware Cloud on Dell EMC


This article provides the steps to restore VMC communication when a Policy Based VPN (PBVPN) is used on SDDC versions newer than 1.10.

The VMware Cloud (VMC) SDDC was recently upgraded from 1.10 to a newer version and uses a Policy Based VPN (PBVPN). After the upgrade, the gateway firewall no longer allows external traffic through.


On VMC SDDC versions 1.10 or older that use a PBVPN, a gateway firewall rule applied to the VPN Tunnel Interface (VTI) could still match PBVPN traffic. This was not intended, and on VMC SDDC versions 1.12 or newer a rule applied to the VTI will not work for PBVPN traffic.


To prevent or correct this issue on any VMC SDDC version, create or modify the PBVPN firewall rules so that they apply to the VPC Interface, Internet Interface, or All Uplinks.

When a rule is applied to the VTI, it applies to traffic over a Route Based VPN (RBVPN), not to the PBVPN.
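As an added illustration (not from this KB article or VMware), the following script audits a constructed export of Compute Gateway rules for PBVPN rules whose "Applied To" includes the VTI, and rewrites them to a permitted uplink scope. The export format and field names (`name`, `vpn_type`, `applied_to`) are assumptions for the example, not the VMC API schema.

```python
"""Audit Compute Gateway firewall rules for the PBVPN "Applied To" mistake.

Assumed (constructed) export format: a list of dicts with "name",
"vpn_type" ("PBVPN", "RBVPN" or None) and "applied_to" (a list of
interface display names as shown in the VMC console).
"""

VTI = "VPN Tunnel Interface"
# Scopes the KB article names as valid for PBVPN rules.
ALLOWED_FOR_PBVPN = {"VPC Interface", "Internet Interface", "All Uplinks"}


def audit_pbvpn_rules(rules):
    """Return the names of PBVPN rules that are applied to the VTI.

    Such rules match RBVPN traffic only, so on SDDC 1.12+ the PBVPN
    traffic they were meant to allow is dropped by the gateway firewall.
    """
    findings = []
    for rule in rules:
        if rule.get("vpn_type") != "PBVPN":
            continue  # RBVPN rules on the VTI are correct and not flagged
        if VTI in rule.get("applied_to", []):
            findings.append(rule["name"])
    return findings


def fix_pbvpn_rule(rule):
    """Return a copy of a PBVPN rule with the VTI removed from its scope.

    Any remaining scopes must be in ALLOWED_FOR_PBVPN; if nothing valid
    remains, the rule is re-scoped to "All Uplinks".
    """
    fixed = dict(rule)
    scopes = [s for s in rule.get("applied_to", []) if s in ALLOWED_FOR_PBVPN]
    fixed["applied_to"] = scopes or ["All Uplinks"]
    return fixed


# Constructed sample export: one broken PBVPN rule, one correct RBVPN rule,
# one correct PBVPN rule.
SAMPLE_RULES = [
    {"name": "pbvpn-to-onprem", "vpn_type": "PBVPN", "applied_to": [VTI]},
    {"name": "rbvpn-to-branch", "vpn_type": "RBVPN", "applied_to": [VTI]},
    {"name": "pbvpn-mgmt", "vpn_type": "PBVPN", "applied_to": ["All Uplinks"]},
]

if __name__ == "__main__":
    for name in audit_pbvpn_rules(SAMPLE_RULES):
        print(f"PBVPN rule '{name}' is applied to the VTI; re-scope it to "
              f"one of: {sorted(ALLOWED_FOR_PBVPN)}")
```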

This VMware documentation explains the Compute Gateway firewall rules and how they are applied: Add or Modify Compute Firewall Rules