[VMC on AWS] "Overly Permissive Compute Gateway Firewall Rule detected" notification

Article ID: 327142

Products

VMware Cloud on AWS

Issue/Introduction

  • You may receive the notification email titled "Overly Permissive Compute Gateway Firewall Rule detected".
  • You may see the notification banner message beginning "Overly Permissive Compute Gateway Firewall Rule detected" on the top of VMware Cloud on AWS Console.


Resolution

VMware is scanning SDDCs that have at least one overly permissive inbound Compute Gateway firewall rule (Source=Any, Destination=Any, Services=Any, Applied To=All Uplinks/Internet, Action=Allow) and notifying affected customers through our notification system.
Such a rule exposes your workload VMs to attacks from the Internet and may lead to compromise of your SDDC.

As a best practice, configure Compute Gateway Firewall rules to allow access only from trusted source addresses or to a limited set of destinations,
e.g. Source="Corporate Networks" or Destination="Limited Public Web Servers".
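The following script is an added example, not part of this KB article or of any VMware tool. It audits a list of Compute Gateway rules for the exact pattern the notification looks for (inbound, Source=Any, Destination=Any, Services=Any, Applied To=All Uplinks or Internet, Action=Allow) and shows how restricting the source to a trusted group clears the finding. The rule dictionaries are constructed sample data modelled on the NSX-T Policy API rule shape; the field names, the label paths `/infra/labels/cgw-all` and `/infra/labels/cgw-public`, and the group path used for "Corporate Networks" are assumptions for illustration and should be checked against your own SDDC's policy export.

```python
"""Audit Compute Gateway (CGW) firewall rules for the overly permissive pattern
described in the KB article. Sample rules below are CONSTRUCTED; the field names
and label/group paths are assumptions modelled on the NSX-T Policy API shape."""
from typing import Iterable

ANY = "ANY"
# Assumed "Applied To" label paths meaning All Uplinks and the Internet interface.
WIDE_OPEN_SCOPES = {"/infra/labels/cgw-all", "/infra/labels/cgw-public"}
# Assumed path of a customer-defined "Corporate Networks" group.
CORPORATE_NETWORKS = "/infra/domains/cgw/groups/Corporate_Networks"


def is_any(values: list) -> bool:
    """A match field is effectively 'Any' when it is empty or contains the ANY keyword."""
    return not values or any(str(v).upper() == ANY for v in values)


def is_overly_permissive(rule: dict) -> bool:
    """True when the rule meets every criterion named in the notification."""
    if rule.get("disabled", False):
        return False  # a disabled rule does not pass traffic
    if str(rule.get("action", "")).upper() != "ALLOW":
        return False
    # Both IN and IN_OUT admit inbound traffic arriving on the uplink.
    if str(rule.get("direction", "IN_OUT")).upper() not in ("IN", "IN_OUT"):
        return False
    if not (is_any(rule.get("source_groups", []))
            and is_any(rule.get("destination_groups", []))
            and is_any(rule.get("services", []))):
        return False
    return bool(set(rule.get("scope", [])) & WIDE_OPEN_SCOPES)


def find_overly_permissive(rules: Iterable[dict]) -> list:
    """Display names of the rules that would trigger the notification."""
    return [r["display_name"] for r in rules if is_overly_permissive(r)]


def restrict_source(rule: dict, group_path: str) -> dict:
    """Return a copy of the rule whose source is limited to one trusted group,
    the remediation the article recommends (e.g. Source="Corporate Networks")."""
    hardened = dict(rule)
    hardened["source_groups"] = [group_path]
    return hardened


# Constructed sample rules covering the flagged case and the near-misses.
SAMPLE_RULES = [
    {"display_name": "Allow all from Internet", "source_groups": [ANY],
     "destination_groups": [ANY], "services": [ANY],
     "scope": ["/infra/labels/cgw-public"], "action": "ALLOW", "direction": "IN_OUT"},
    {"display_name": "Corporate to web", "source_groups": [CORPORATE_NETWORKS],
     "destination_groups": [ANY], "services": ["/infra/services/HTTPS"],
     "scope": ["/infra/labels/cgw-public"], "action": "ALLOW", "direction": "IN"},
    {"display_name": "Legacy any-any (disabled)", "source_groups": [ANY],
     "destination_groups": [ANY], "services": [ANY], "disabled": True,
     "scope": ["/infra/labels/cgw-all"], "action": "ALLOW", "direction": "IN_OUT"},
    {"display_name": "Outbound any", "source_groups": [ANY],
     "destination_groups": [ANY], "services": [ANY],
     "scope": ["/infra/labels/cgw-all"], "action": "ALLOW", "direction": "OUT"},
    {"display_name": "Default deny", "source_groups": [ANY],
     "destination_groups": [ANY], "services": [ANY],
     "scope": ["/infra/labels/cgw-all"], "action": "DROP", "direction": "IN_OUT"},
]

if __name__ == "__main__":
    for name in find_overly_permissive(SAMPLE_RULES):
        print(f"Overly permissive CGW rule: {name}")
    fixed = restrict_source(SAMPLE_RULES[0], CORPORATE_NETWORKS)
    print("After restricting source, still flagged:", is_overly_permissive(fixed))
```

Only the first sample rule is reported; the disabled, outbound-only and DROP rules share the Any/Any/Any shape but do not meet the notification's criteria, and the same rule with its source narrowed to the corporate group is no longer flagged.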

You can change this notification under Notification Preferences > Operation > "unsafe CGW firewall rule notification".

Additional Information

Set Notification Preferences