NSX Edge Gateway Management Each NSX Edge Gateway provides network edge security and gateway services to isolate a virtualized network. Query or Upgrade an Edge GatewayYou can use the VMware Cloud Director API for NSX to query all edges, query a specific edge, or upgrade an edge. Edge DHCP ServicesAn NSX edge gateway capabilities include IP address pooling, one-to-one static IP address allocation, and external DNS server configuration. Static IP address binding is based on the managed object ID and interface ID of the requesting client virtual machine. Edge Firewall ServicesEdge Firewall provides perimeter security for organization VDC networks. Edge NAT ServicesNSX Edge provides network address translation (NAT) service to assign a public address to a computer or group of computers in a private network. Using this technology limits the number of public IP addresses that an organization requires. You must configure NAT rules to provide access to services running on privately addressed virtual machines. Edge Routing ServicesDynamic routing protocols such as OSPF and BGP provide forwarding information between layer 2 broadcast domains. Edge Load Balancer ServicesThe NSX Edge load balancer distributes incoming service requests evenly among multiple servers in such a way that the load distribution is transparent to users. Load balancing thus helps in achieving optimal resource utilization, maximizing throughput, minimizing response time, and avoiding overload. NSX Edge provides load balancing up to Layer 7. Edge SSL VPN ServicesNSX Edge SSL VPN services enable remote users to connect securely to private networks behind an Edge Gateway. Edge L2 VPN ServicesL2 VPN allows you to configure a tunnel between two sites. Virtual machines remain on the same subnet in spite of being moved between these sites, which enables you to extend your datacenter. An NSX Edge at one site can provide all services to virtual machines on the other site. To create the L2 VPN tunnel, you configure an L2 VPN server and L2 VPN client. Edge IPSec VPN ServicesNSX Edge supports site‐to‐site IPSec VPN between an NSX Edge instance and remote sites. NSX Edge supports certificate authentication, preshared key mode, IP unicast traffic, and no dynamic routing protocol between the NSX Edge instance and remote VPN routers. Behind each remote VPN router, you can configure multiple subnets to connect to the internal network behind an NSX Edge through IPSec tunnels. These subnets and the internal network behind a NSX Edge must have address ranges that do not overlap. Edge Interfaces, Logging, Statistics, and Remote Access PropertiesThese requests retrieve statistics and other information from an edge and configure properties for remote access and logging via syslog.