Create a Security Group

You can set your security group rules for your instances on zenConsole to improve the network security. The security group applies to public network access to your instances.

Procedures

Go to Security Group > Create Security Group.
Select a a global VPC that the security group will be deployed on.

Configure the inbound and outbound rules

Item	Description
Priority	A smaller value indicates a higher priority. Valid values: 1 to 999.
Type	Allow: allows access requests on a specific port. Deny: denies access requests on a specific port.
Protocol	The protocol type of the security group rule. Valid values: All/TCP/UDP/ICMP-IPv4/ICMP-IPv6
Port range	You can specify a port range when Protocol Type is set as TCP or UDP. The value ranges from 1 to 65535. You can specify single port numbers separated with a comma (for example, 80 indicating port 80; 20,30,40 indicating port 20, port 30, and port 40), or range of port numbers (for example, 4000-4200 indicating ports from 4000 to 4200). The value "All" cannot be set separately, indicating that the port is not restricted.
Source/ Destination	Configure the host IP addresses of source and destination. Example: 192.168.0.0/24. 0.0.0.0/0 or ::/0 indicates all IP addresses are allowed.
Actions	Delete the rule.

Item

Description

Priority

A smaller value indicates a higher priority. Valid values: 1 to 999.

Type

Allow: allows access requests on a specific port. Deny: denies access requests on a specific port.

Protocol

The protocol type of the security group rule. Valid values: All/TCP/UDP/ICMP-IPv4/ICMP-IPv6

Port range

You can specify a port range when Protocol Type is set as TCP or UDP. The value ranges from 1 to 65535. You can specify single port numbers separated with a comma (for example, 80 indicating port 80; 20,30,40 indicating port 20, port 30, and port 40), or range of port numbers (for example, 4000-4200 indicating ports from 4000 to 4200). The value "All" cannot be set separately, indicating that the port is not restricted.

Source/ Destination

Configure the host IP addresses of source and destination. Example: 192.168.0.0/24. 0.0.0.0/0 or ::/0 indicates all IP addresses are allowed.

Actions

Delete the rule.

Label your security group.

Commonly used port explanations are shown as follows:

Protocol	Port	Description
ICMP	-1/-1	The ICMP port. It is used to ping instances through the Internet for network management and debugging.
SSH	22	The SSH port. It is used to remote access to Linux instances.
Telnet	23	The Telnet port. It is used to log in to instances.
HTTP	80	The HTTP port. Use a VM instance as a Web server.
HTTPS	443	The HTTPS port. It is used to access web services. HTTPS protocol is encrypted and secured.
SQL Server	1433	The TCP port of SQL Server. It is used for MySQL to provide external services.
Oracle	1521	The Oracle communication port. If your instances run Oracle SQL, you need to open this port.
MySQL	3306	The MySQL port. It is used for MySQL to provide external services.
Windows Remote Desktop	3389	The Windows Server Remote Desktop Services (RDP) port. It is used to log in to Windows instances.
PostgreSQL	5432	The PostgreSQL port. It is for PostgreSQL to provide external services.
Redis	6379	The Redis port. It is used for Redis to provide external services.

Protocol

Port

Description

ICMP

-1/-1

The ICMP port. It is used to ping instances through the Internet for network management and debugging.

SSH

The SSH port. It is used to remote access to Linux instances.

Telnet

The Telnet port. It is used to log in to instances.

HTTP

The HTTP port. Use a VM instance as a Web server.

HTTPS

443

The HTTPS port. It is used to access web services. HTTPS protocol is encrypted and secured.

SQL Server

1433

The TCP port of SQL Server. It is used for MySQL to provide external services.

Oracle

1521

The Oracle communication port. If your instances run Oracle SQL, you need to open this port.

MySQL

3306

The MySQL port. It is used for MySQL to provide external services.

Windows Remote Desktop

3389

The Windows Server Remote Desktop Services (RDP) port. It is used to log in to Windows instances.

PostgreSQL

5432

The PostgreSQL port. It is for PostgreSQL to provide external services.

Redis

6379

The Redis port. It is used for Redis to provide external services.

Port Source IP Description

Port	Source IP	Description
-1/-1	10.0.0.0/8	Allow access from private IP range `10.0.0.0/8` to all ports
-1/-1	172.16.0.0/12	Allow access from private IP range `172.16.0.0/12` to all ports
-1/-1	192.168.0.0/16	Allow access from private IP range `192.168.0.0/16` to all ports

-1/-1

10.0.0.0/8

Allow access from private IP range 10.0.0.0/8 to all ports

-1/-1

172.16.0.0/12

Allow access from private IP range 172.16.0.0/12 to all ports

-1/-1

192.168.0.0/16

Allow access from private IP range 192.168.0.0/16 to all ports

Typical applications of commonly used ports are shown as follows:

Scenario	Rule direction	Authorization policy	Protocol type	Port range	Authorization type	Authorization object	Priority
Remote access to Linux instances through SSH	Inbound	Allow	SSH (22)	22/22	Address field access	0.0.0.0/0	1
Remote access to Windows instances through RDP	Inbound	Allow	RDP (3389)	3389/3389	Address field access	0.0.0.0/0	1
Ping VM instances through the Internet	Inbound	Allow	ICMP	-1/-1	Address field access or security group access	Set this parameter according to the authorization type	1
Use a VM instance as a Web server	Inbound	Allow	HTTP (80)	80/80	Address field access	0.0.0.0/0	1
Upload or download files through FTP	Inbound	Allow	Custom TCP	20/21	Address field access	0.0.0.0/0	1

Scenario

Rule direction

Authorization policy

Protocol type

Port range

Authorization type

Authorization object

Priority

Remote access to Linux instances through SSH

Inbound

Allow

SSH (22)

22/22

Address field access

0.0.0.0/0

Remote access to Windows instances through RDP

Inbound

Allow

RDP (3389)

3389/3389

Address field access

0.0.0.0/0

Ping VM instances through the Internet

Inbound

Allow

ICMP

-1/-1

Address field access or security group access

Set this parameter according to the authorization type

Use a VM instance as a Web server

Inbound

Allow

HTTP (80)

80/80

Address field access

0.0.0.0/0

Upload or download files through FTP

Inbound

Allow

Custom TCP

20/21

Address field access

0.0.0.0/0

Note

For security reasons, you're restricted to access to port 25 for email transmission by default. If you require continued access to port 25, you may submit a request to remove the restriction.

More Actions

Go to Security Group > Actions to do the following actions.

Edit Change inbound and outbound rules.
Associate Global VPC Deploy the security group on instances in the selected global VPC.
Delete

Note

Dissociate all global VPCs first before deleting the security group.
Default security group cannot be deleted.

PreviousManage Network Security NextCreate an SSH Key Pair

Last updated 4 months ago