An administrator can configure NAT, firewall, and similar services on an existing Edge Gateway by updating its EdgeGatewayServiceConfiguration.

The Configuration element of an EdgeGateway includes an EdgeGatewayServiceConfiguration element, which can contain definitions of any of the services listed in Edge Gateways. Details of service configurations vary, but the mechanism is the same for creating or updating any Edge Gateway service. Note that some services require a reference to one or more Edge Gateway interfaces, and cannot be configured until those interfaces exist.

This operation requires the rights included in the predefined Organization Administrator role or an equivalent set of rights.

Verify that your organization VDC contains an Edge Gateway. If it does not, a system administrator can create one.

Verify that the Edge Gateway is not an Advanced Gateway. If the EdgeGateway element that represents this Edge Gateway has an AdvancedNetworkingEnabled element whose value is true, using the vCloud API to configure Edge Gateway services can produce unexpected results. Use the vCloud Director API for NSX instead. See VMware Knowledge Base article


Retrieve the XML representation of the Edge Gateway.


Examine the response to locate the Link element that contains the URL for configuring services on the Edge Gateway.

This element has a rel attribute value of add and a type attribute value of application/vnd.vmware.admin.edgeGatewayServiceConfiguration+xml, as the following example shows:


Copy the EdgeGatewayServiceConfiguration element from the EdgeGateway you retrieved in Step 1.

The configureServices action replaces the entire contents of the existing EdgeGatewayServiceConfiguration with the one in the request body. Using the existing EdgeGatewayServiceConfiguration as the basis for your modifications reduces the chances of unintentional service changes.


Modify the EdgeGatewayServiceConfiguration that you copied in Step 3 to add, remove, or change the services that this Edge Gateway offers.

An EdgeGatewayServiceConfiguration element can contain any of the following elements:








POST the modified EdgeGatewayServiceConfiguration element to the URL in the value of the href attribute of the configureServices link described in Step 2.

The server takes the requested action and returns a Task element that tracks the progress of the request.

When the task completes successfully, the EdgeGatewayServiceConfiguration element you POSTed replaces the one you copied in Step 3.

This example replaces the default firewall service on the Edge Gateway created in Create an Edge Gateway. For details about this FirewallService, see Firewall Service Configurations


Content-Type: application/vnd.vmware.admin.edgeGatewayServiceConfiguration+xml
<?xml version="1.0" encoding="UTF-8"?>
         <Description>allow incoming ssh</Description>
         <Description>deny incoming telnet</Description>


202 Accepted
Content-Type: application/vnd.vmware.vcloud.task+xml
   operation="Updating services EdgeGateway theEdge(2000)"
   ... >