NGW Message stating you have potentially insecure configuration


Article ID: 334972


Products

VMware Cloud on AWS VMware Cloud on Dell EMC

Issue/Introduction

You receive a Notification Gateway (NGW) message stating that you have a potentially insecure configuration live on your SDDC.

Resolution

  • You receive these NGW messages if you have configured an Any Source to vCenter Destination MGW firewall rule.
  • Having an Any source inbound firewall rule pointing to the Cloud vCenter goes against security best practices, exposing the Cloud vCenter to risk.
  • The correct course of action is to modify the offending firewall rule and update its source group so that it references only the Management Groups that require vCenter access.

Example Poor Rule (Any Source can access Cloud vCenter)

Example Updated Rule (Only a specific Desktop IP can access Cloud vCenter)
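
A check for the rule shape described above, as an added example that is not part of the original article or of VMware's tooling: it scans an exported list of MGW firewall rules and reports enabled allow rules whose source is Any and whose destination includes vCenter. The field names assume the NSX Policy API rule schema; the group paths, rule names and sample data are constructed for illustration.

```python
import json

# Assumed path of the predefined vCenter management group (not from the article).
VCENTER_GROUP = "/infra/domains/mgw/groups/VCENTER"

# Constructed sample, shaped like a list of NSX Policy API rules for the MGW.
SAMPLE_RULES = json.loads("""
[
  {"display_name": "vCenter Inbound", "action": "ALLOW",
   "source_groups": ["ANY"],
   "destination_groups": ["/infra/domains/mgw/groups/VCENTER"]},
  {"display_name": "vCenter from Desktop", "action": "ALLOW",
   "source_groups": ["/infra/domains/mgw/groups/Admin-Desktop"],
   "destination_groups": ["/infra/domains/mgw/groups/VCENTER"]},
  {"display_name": "ESXi Inbound", "action": "ALLOW",
   "source_groups": ["ANY"],
   "destination_groups": ["/infra/domains/mgw/groups/ESXI"]},
  {"display_name": "Old vCenter Any", "action": "ALLOW", "disabled": true,
   "source_groups": ["ANY"],
   "destination_groups": ["/infra/domains/mgw/groups/VCENTER"]}
]
""")


def source_is_any(groups):
    """True for an explicit ANY; a missing or empty list is treated
    conservatively as Any so that it gets reviewed rather than skipped."""
    return not groups or any(g.upper() == "ANY" for g in groups)


def insecure_vcenter_rules(rules, vcenter_group=VCENTER_GROUP):
    """Return names of enabled ALLOW rules with Any source -> vCenter."""
    findings = []
    for rule in rules:
        if rule.get("disabled", False):
            continue  # a disabled rule is not live on the gateway
        if rule.get("action", "ALLOW").upper() != "ALLOW":
            continue  # only allow rules expose vCenter
        if vcenter_group not in rule.get("destination_groups", []):
            continue  # rule does not target vCenter
        if source_is_any(rule.get("source_groups")):
            findings.append(rule.get("display_name", "<unnamed>"))
    return findings


if __name__ == "__main__":
    for name in insecure_vcenter_rules(SAMPLE_RULES):
        print(f"Any source -> vCenter: {name}")
```
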

Additional Information

Impact/Risks:
Changing firewall rules in a live production environment can always have unexpected consequences. Before publishing any firewall rule updates, double-check all rule changes to ensure VMC vCenter access will not be lost.