Search the VMware Knowledge Base (KB)
View by Article ID

NAT does not translate IP addresses when NSX Edge firewall is disabled (2093153)

  • 0 Ratings


  • Source NAT with a translated IP range is configured on an NSX for vSphere Edge gateway.
  • Edge gateway firewall service is disabled
  • No traffic passes through the Edge gateway from the internal virtual machines.


When the Edge gateway firewall is disabled, all stateful services also are disabled if the Edge device is a 6.0 Extra Large or 6.1 and 6.2 Edge device.

When using vShield Edge and vCloud Director, disabling the firewall from the vCloud Director UI creates an allow any/any rule on the Edge device.  


This is an expected behavior since NAT is dependent on firewall and firewall service is disabled.

To resolve this issue:
  • Enable the Edge gateway firewall to run stateful service such as NAT.

For steps on enabling the Edge Gateway Firewall, refer to the Working with Edge Firewall section in the NSX for vSphere Administration Guide.

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.


  • 0 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)

Please enter the Captcha code before clicking Submit.
  • 0 Ratings