In computing environments, software defined networks may be used that comprise software modules capable of providing a communication platform for one or more virtual nodes in the computing environment. The software defined networks, which may include logical switches, routers, distributed firewalls, and the like, may be used to intelligently direct communication on the network by inspecting packets before passing them to other computing nodes. For example, packets may be inspected to determine the source and destination internet protocol (IP) addresses to determine if the communication is permitted to be delivered to the destination computing node. In some implementations, software defined networks may be designed with packet forwarding configurations that indicate actions to be taken against each communicated packet. The packet forwarding configurations may identify specific attributes, such as IP addresses, media access control (MAC) addresses, and the like, within the data packet and, when identified, provide a set of actions to be asserted against the data packet. These actions may include modifications to the data packet, and forwarding rules for the data packet, amongst other possible operations.
In some implementations, computing environments, such as those employed for an organization, may employ edge gateways that can be used as a virtual router to communicate packets between the organization's various computing sites. These edge gateways may provide network services such as static routing, virtual private networking, load balancing, firewall operations, Dynamic Host Configuration Protocol (DHCP), and network address translation. In some examples, the edge gateways may provide Internet Protocol Security (IPSec) communications between computing sites of the organization's environment. However, configuring address control lists (ACLs) for the gateways may be difficult and cumbersome for an administrator of the computing environment. In particular, difficulties arise in configuring the edge gateways at each computing site, and notifying the gateways when new virtual nodes become available.