A new security requirement will be implemented on SDDCs starting with version 1.22. This new security requirement will prevent the creation of security rules on the Management Gateway, that utilise ANY or 0.0.0.0/0 or ::/0 as a source for rules that grant access to services downstream from the Management Gateway (e.g : vCenter, NSX Manager, & other appliances). This new security implementation will improve the security posture of the managed services in all VMC on AWS SDDCs.

Cloud_admin can not create any Management Gateway rule with source as ANY/0.0.0.0/0/ ::/0 and destination to any of management groups(SYSTEM DEFINED GROUP)  VCENTER, ESXI, NSX-MANAGER & HCX.Controls are added in vmc to block such firewall rules.

In the upgrade process, vmc will retain all existing firewall rules which has source as ANY/0.0.0.0/0 and destination below to VCENTER, ESXI, NSX-MANAGER & HCX groups, but customer will not be able to create any new rules until they delete the existing rules with source ANY or 0.0.0.0/0 (Invalid Rules) or modify the invalid rules with valid IPaddress.

For any further assistance or clarification please reach out to VMware support team