You may receive the notification email titled "Overly Permissive Compute Gateway Firewall Rule detected".
You may see a notification banner beginning "Overly Permissive Compute Gateway Firewall Rule detected" at the top of the VMware Cloud on AWS Console.
Resolution
VMware scans SDDCs for overly permissive inbound Compute Gateway firewall rules and sends a notification through its notification system when an SDDC has at least one rule with Source=Any, Destination=Any, Services=Any, Applied To: All uplinks/Internet, and Action=Allow. Such a rule can enable attacks on your workload VMs and may lead to compromise of your SDDC.
As a best practice, consider configuring Compute Gateway firewall rules to allow access only from trusted source addresses, for example Source="Corporate Networks" or Destination="Limited Public Web Servers".
You can edit this notification from Notification Preferences > Operation > "unsafe CGW firewall rule notification".
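To find the offending rule yourself, the check described above can be run over an export of your Compute Gateway rules. The following is an added example, not VMware's scanner or code from this article; the field names (`source_groups`, `destination_groups`, `services`, `scope`, `action`, `disabled`) and the scope labels are assumptions modelled on NSX Policy API rule objects, and the sample rules are constructed.

```python
# Added example: flag CGW rules matching the pattern described in this article.
# Field names and scope labels are assumptions modelled on NSX Policy API
# rule objects; adjust them to match your own export.

# Assumed labels for "All Uplinks" and "Internet Interface" in Applied To.
EXPOSED_SCOPES = {"/infra/labels/cgw-all", "/infra/labels/cgw-public"}

# Constructed sample rules (not taken from any real SDDC).
SAMPLE_RULES = [
    {"display_name": "allow-all-temp", "action": "ALLOW",
     "source_groups": ["ANY"], "destination_groups": ["ANY"],
     "services": ["ANY"], "scope": ["/infra/labels/cgw-all"]},
    {"display_name": "corp-to-web", "action": "ALLOW",
     "source_groups": ["/infra/domains/cgw/groups/corp-networks"],
     "destination_groups": ["/infra/domains/cgw/groups/public-web"],
     "services": ["/infra/services/HTTPS"],
     "scope": ["/infra/labels/cgw-public"]},
    {"display_name": "any-any-over-vpn", "action": "ALLOW",
     "source_groups": ["ANY"], "destination_groups": ["ANY"],
     "services": ["ANY"], "scope": ["/infra/labels/cgw-vpn"]},
    {"display_name": "old-allow-all", "action": "ALLOW", "disabled": True,
     "source_groups": ["ANY"], "destination_groups": ["ANY"],
     "services": ["ANY"], "scope": ["/infra/labels/cgw-public"]},
    {"display_name": "default-drop", "action": "DROP",
     "source_groups": ["ANY"], "destination_groups": ["ANY"],
     "services": ["ANY"], "scope": ["/infra/labels/cgw-all"]},
]

def _is_any(values):
    """True when the field holds the ANY wildcard."""
    return any(str(v).upper() == "ANY" for v in (values or []))

def is_overly_permissive(rule):
    """Source=Any, Destination=Any, Services=Any, Internet-facing, Allow."""
    if rule.get("disabled"):  # skipping disabled rules is this example's choice
        return False
    return (str(rule.get("action", "")).upper() == "ALLOW"
            and _is_any(rule.get("source_groups"))
            and _is_any(rule.get("destination_groups"))
            and _is_any(rule.get("services"))
            and bool(EXPOSED_SCOPES & set(rule.get("scope") or [])))

def audit(rules):
    """Return the names of rules that match the flagged pattern."""
    return [r.get("display_name", "<unnamed>") for r in rules
            if is_overly_permissive(r)]

if __name__ == "__main__":
    for name in audit(SAMPLE_RULES):
        print(f"overly permissive CGW rule: {name}")
```

Rules that narrow any one of source, destination, or services, or that apply only to a non-Internet interface, do not match the pattern and are not reported by this check.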