An organization administrator or system administrator can configure NAT, firewall, and similar services on an existing Edge Gateway by updating its EdgeGatewayServiceConfiguration.

The Configuration element of an EdgeGateway includes an EdgeGatewayServiceConfiguration element, which can contain definitions of any of the services listed in Edge Gateways. Details of service configurations vary, but the mechanism is the same for creating or updating any Edge Gateway service.

You can include an EdgeGatewayServiceConfiguration element that defines one or more services when you create an Edge Gateway, or you can create the Edge Gateway without this element, as shown in Create an Edge Gateway, then update it to add or change services as needed. Note that some services require a reference to one or more Edge Gateway interfaces, and cannot be configured until those interfaces exist.

Verify that you are logged in to the vCloud API as an organization administrator or system administrator.

1. Retrieve the XML representation of the Edge Gateway.

2. Examine the response to locate the Link element that contains the URL for configuring services on the Edge Gateway.

This element has a rel attribute value of add and a type attribute value of application/vnd.vmware.admin.edgeGatewayServiceConfiguration+xml, as the following example shows:

<Link
   href="https://vcloud.example.com/api/admin/edgeGateway/2000/action/configureServices"
   rel="add" 
   type="application/vnd.vmware.admin.edgeGatewayServiceConfiguration+xml"/>

3. Copy the EdgeGatewayServiceConfiguration element from the EdgeGateway you retrieved in Step 1.

The configureServices action replaces the entire contents of the existing EdgeGatewayServiceConfiguration with the one in the request body. Using the existing EdgeGatewayServiceConfiguration as the basis for your modifications reduces the chances of unintentional service changes.

4. Modify the EdgeGatewayServiceConfiguration that you copied in Step 3 to add, remove, or change the services that this Edge Gateway offers.

An EdgeGatewayServiceConfiguration element can contain any of the following elements:

FirewallService

GatewayDhcpService

GatewayIpsecVpnService

LoadBalancerService

NatService

StaticRoutingService

5. POST the modified EdgeGatewayServiceConfiguration element to the URL in the value of the href attribute of the configureServices link described in Step 2.

The server takes the requested action and returns a Task element that tracks the progress of the request.

When the task completes successfully, the EdgeGatewayServiceConfiguration element you POSTed replaces the one you copied in Step 3.

This example replaces the default firewall service on the Edge Gateway created in Create an Edge Gateway. For details about this FirewallService, see Firewall Service Configurations.

Request:

POST https://vcloud.example.com/api/admin/edgeGateway/2000/action/configureServices
Content-Type: application/vnd.vmware.admin.edgeGatewayServiceConfiguration+xml
...

<?xml version="1.0" encoding="UTF-8"?>
<EdgeGatewayServiceConfiguration
   xmlns="http://www.vmware.com/vcloud/v1.5">
   <FirewallService>
      <IsEnabled>true</IsEnabled>
      <DefaultAction>allow</DefaultAction>
      <LogDefaultAction>false</LogDefaultAction>
      <FirewallRule>
         <IsEnabled>true</IsEnabled>
         <Description>allow incoming ssh</Description>
         <Policy>allow</Policy>
         <Protocols>
            <Tcp>true</Tcp>
         </Protocols>
         <DestinationPortRange>22</DestinationPortRange>
         <DestinationIp>Internal</DestinationIp>
         <SourcePortRange>Any</SourcePortRange>
         <SourceIp>External</SourceIp>
         <EnableLogging>true</EnableLogging>
      </FirewallRule>
      <FirewallRule>
         <IsEnabled>true</IsEnabled>
         <Description>deny incoming telnet</Description>
         <Policy>drop</Policy>
         <Protocols>
            <Tcp>true</Tcp>
         </Protocols>
         <DestinationPortRange>23</DestinationPortRange>
         <DestinationIp>Internal</DestinationIp>
         <SourcePortRange>Any</SourcePortRange>
         <SourceIp>External</SourceIp>
         <EnableLogging>false</EnableLogging>
      </FirewallRule>
   </FirewallService>
</EdgeGatewayServiceConfiguration>

Response:

202 Accepted
Content-Type: application/vnd.vmware.vcloud.task+xml
...
<Task
   href="https://vcloud.example.com/api/task/2120"
   ...
   status="running"
   operation="Updating services EdgeGateway theEdge(2000)"
   ... >
</Task>
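
Because configureServices replaces the whole EdgeGatewayServiceConfiguration, a request body that carries only the service you meant to change removes every other service. The following Python sketch of Steps 3 and 4 is an added example, not part of the vCloud API or its documentation: it swaps one service into a copy of the retrieved configuration and reports which services a candidate body would drop. The function names are hypothetical and the XML samples are constructed; retrieving the EdgeGateway and sending the POST are left out.

```python
import copy
import xml.etree.ElementTree as ET

NS = "http://www.vmware.com/vcloud/v1.5"
ET.register_namespace("", NS)  # so ET.tostring emits a default xmlns, like the request above

# Constructed sample: a retrieved EdgeGateway (Step 1), trimmed to the parts used here.
EDGE_GATEWAY_XML = f"""<EdgeGateway xmlns="{NS}" name="theEdge">
  <Configuration>
    <EdgeGatewayServiceConfiguration>
      <FirewallService><IsEnabled>true</IsEnabled></FirewallService>
      <NatService><IsEnabled>true</IsEnabled></NatService>
    </EdgeGatewayServiceConfiguration>
  </Configuration>
</EdgeGateway>"""
# Constructed sample: the replacement service (Step 4), abbreviated.
NEW_FIREWALL_XML = f"""<FirewallService xmlns="{NS}">
  <IsEnabled>true</IsEnabled><DefaultAction>drop</DefaultAction>
</FirewallService>"""


def service_names(config):
    """Local names of the service elements directly under a configuration."""
    return [child.tag.split("}", 1)[-1] for child in config]


def current_config(edge_gateway_xml):
    """Step 3: take the EdgeGatewayServiceConfiguration out of the EdgeGateway."""
    path = f"{{{NS}}}Configuration/{{{NS}}}EdgeGatewayServiceConfiguration"
    found = ET.fromstring(edge_gateway_xml).find(path)
    if found is None:
        raise ValueError("EdgeGateway has no EdgeGatewayServiceConfiguration")
    return found


def replace_service(config, new_service_xml):
    """Step 4: swap one service in a copy, keeping every other service in place."""
    new_service, merged = ET.fromstring(new_service_xml), copy.deepcopy(config)
    old = merged.find(new_service.tag)
    position = len(merged) if old is None else list(merged).index(old)
    if old is not None:
        merged.remove(old)
    merged.insert(position, new_service)
    return merged


def dropped_services(before, after):
    """Services a POST of `after` would remove, since configureServices replaces all."""
    return sorted(set(service_names(before)) - set(service_names(after)))
```

Serialize the merged element with ET.tostring(merged, encoding="unicode") to get the body for Step 5, and send it only when dropped_services returns an empty list or the removals are intended.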