With the release of Cloud Director 10.2, a major change to the NSX-T based NAT configuration has been implemented. The change affects how you set up DNAT and has caused some confusion after the upgrade.
In previous versions, the Application Profile (eg. SSH, HTTP, or HTTPS) defined the external and internal port. With the optional "Internal Port" setting it was possible to configure a custom internal port.
With Cloud Director 10.2, the Application profile defines the internal port only. If you do not fill in the "External Port" configuration, which is exactly in the same position as the "Internal Port" setting on previous versions, it translates ALL external ports to the configured Application. This is something you absolutely do not want to have and I've seen a lot of false configured NATs since Cloud Director 10.2.
The way you have to configure DNAT in Cloud Director 10.2 is not very intuitive, so be careful to set it up properly. When upgrading from previous versions, make sure to check the NAT configuration for errors.
This is what the configuration looks like in previous versions:
NAT Configuration in Cloud Director 10
This is the NAT configuration in Cloud Director 10.2:
NAT Configuration in Cloud Director 10.2
To properly set up a port forwarding for HTTP in Cloud Director 10.2, make sure to not only configure the Application but also the External Port. If not configured, all ports are forwarded to the application and you can only configure one NAT per public address.