Article ID: 327142
Resolution
VMware is scanning for SDDCs that have at least one overly permissive inbound Compute Gateway firewall rule (Source=Any, Destination=Any, Services=Any, Applied To=All uplinks/Internet, and Action=Allow) and is sending notifications through our notification system.
This rule can enable attacks on your workload VMs and may lead to compromise of your SDDC.
As a best practice, please consider configuring Compute Gateway Firewall rules to allow access only from trusted source addresses.
For example: Source="Corporate Networks" or Destination="Limited Public Web Servers".
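One way to check an exported rule list for the pattern described above (an added example, not VMware's scanner or code from this article). The field names and scope labels are assumptions modelled on NSX Policy API rule JSON, and the sample rules are constructed.

```python
# Added example. Field names (source_groups, destination_groups, services,
# scope, action, disabled) and the scope labels are assumptions modelled on
# NSX Policy API rule JSON; adjust them to match your own export.
ANY = "ANY"
# Assumed labels for the "All uplinks" and "Internet" Applied To choices.
INTERNET_SCOPES = {"/infra/labels/cgw-all", "/infra/labels/cgw-public"}

def _is_any(values):
    """Treat a missing/empty list or one containing ANY as match-everything."""
    return not values or any(str(v).upper() == ANY for v in values)

def is_unsafe(rule):
    """True for an enabled Allow rule that is Any/Any/Any on an Internet-facing scope."""
    if rule.get("disabled", False):
        return False                      # disabled rules pass no traffic
    if str(rule.get("action", "")).upper() != "ALLOW":
        return False
    if not set(rule.get("scope") or []) & INTERNET_SCOPES:
        return False                      # e.g. VPN-only rules are out of scope here
    return all(_is_any(rule.get(k))
               for k in ("source_groups", "destination_groups", "services"))

def unsafe_rules(rules):
    """Return the display names of rules matching the unsafe pattern."""
    return [r["display_name"] for r in rules if is_unsafe(r)]

# Constructed sample rules (not taken from a real SDDC).
SAMPLE_RULES = [
    {"display_name": "allow-all-inbound", "action": "ALLOW",
     "source_groups": ["ANY"], "destination_groups": ["ANY"],
     "services": ["ANY"], "scope": ["/infra/labels/cgw-all"]},
    {"display_name": "corp-to-web", "action": "ALLOW",
     "source_groups": ["/infra/domains/cgw/groups/corporate-networks"],
     "destination_groups": ["/infra/domains/cgw/groups/public-web-servers"],
     "services": ["/infra/services/HTTPS"], "scope": ["/infra/labels/cgw-public"]},
    {"display_name": "old-any-any", "action": "ALLOW", "disabled": True,
     "source_groups": ["ANY"], "destination_groups": ["ANY"],
     "services": ["ANY"], "scope": ["/infra/labels/cgw-all"]},
    {"display_name": "vpn-any", "action": "ALLOW",
     "source_groups": ["ANY"], "destination_groups": ["ANY"],
     "services": ["ANY"], "scope": ["/infra/labels/cgw-vpn"]},
    {"display_name": "default-drop", "action": "DROP",
     "source_groups": ["ANY"], "destination_groups": ["ANY"],
     "services": ["ANY"], "scope": ["/infra/labels/cgw-all"]},
]

if __name__ == "__main__":
    for name in unsafe_rules(SAMPLE_RULES):
        print(f"UNSAFE: {name} allows Any/Any/Any from the Internet")
```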
You can edit this notification from Notification Preferences > Operation > "unsafe CGW firewall rule notification".