Symptoms:

• Source NAT with a translated IP range is configured on an NSX for vSphere Edge gateway.
• Edge gateway firewall service is disabled.
• No traffic passes through the Edge gateway from the internal virtual machines.

VMware Cloud Director for Service Provider 9.x

As part of the continuing development towards exposing additional features of the NSX interface to vCloud Director, changes were made to make vCloud Director more like the NSX product line.

A message was added to the HTML5 client (advanced gateways in vCloud Director 8.20) that shows the following message when disabling the firewall on an edge gateway:

Disabling Firewall will also disable NAT and other NAT dependent features like Load Balancer.

This also applies to the flash client.

When using a NAT or one of the services relying on NAT (like load balancing), ensure the firewall is turned on. If you don't need firewall features, simply add a rule allowing all traffic to pass through the firewall. This resembles the pre-8.20 vCloud Director functionality.