VMware NSX Installation and Configuration Part 10- Adding an Edge Services Gateway

You can install multiple NSX Edge services gateway virtual appliances in a data center. Each NSX Edge virtual appliance can have a total of ten uplink and internal network interfaces. The internal interfaces connect to secured port groups and act as the gateway for all protected virtual machines in the port group.

The subnet assigned to the internal interface can be a publicly routed IP address space or a NATed/routed RFC 1918 private space. Firewall rules and other NSX Edge services are enforced on traffic between interfaces. Uplink interfaces of an ESG connect to uplink port groups that have access to a shared corporate network or a service that provides access layer networking.

Procedure:

1 In vCenter, navigate to Home > Networking & Security > NSX Edges and click the Add (+) icon.

2 Select Edge Services Gateway and type a name for the device. This name appears in your vCenter inventory. The name should be unique across all ESGs within a single tenant. Optionally, you can also enter a hostname. This name appears in the CLI. If you do not specify the host name, the Edge ID, which gets created automatically, is displayed in the CLI. Optionally, you can enter a description and tenant and enable high availability.

3 Type and re-type a password for the ESG.

4 (Optional) Enable SSH, high availability, and automatic rule generation, and set the log level. If you do not enable automatic rule generation, you must manually add firewall, NAT, and routing configuration to allow control traffic for certain, NSX Edge services, including as load balancing and VPN. Auto rule generation does not create rules for data-channel traffic. By default, SSH and high availability are disabled, and automatic rule generation is enabled. By default, the log level is emergency. By default, logging is enabled on all new NSX Edge appliances. The default logging level is NOTICE.