Create a Security Group
You can set your security group rules for your instances on zenConsole to improve the network security. The security group applies to public network access to your instances.
Procedures
Go to Security Group > Create Security Group.
Select a a global VPC that the security group will be deployed on.
Configure the inbound and outbound rules
ItemDescriptionPriority
A smaller value indicates a higher priority. Valid values: 1 to 999.
Type
Allow: allows access requests on a specific port. Deny: denies access requests on a specific port.
Protocol
The protocol type of the security group rule. Valid values: All/TCP/UDP/ICMP-IPv4/ICMP-IPv6
Port range
You can specify a port range when Protocol Type is set as TCP or UDP. The value ranges from 1 to 65535. You can specify single port numbers separated with a comma (for example, 80 indicating port 80; 20,30,40 indicating port 20, port 30, and port 40), or range of port numbers (for example, 4000-4200 indicating ports from 4000 to 4200). The value "All" cannot be set separately, indicating that the port is not restricted.
Source/ Destination
Configure the host IP addresses of source and destination. Example: 192.168.0.0/24. 0.0.0.0/0 or ::/0 indicates all IP addresses are allowed.
Actions
Delete the rule.
Label your security group.
Commonly used port explanations are shown as follows:
ICMP
-1/-1
The ICMP port. It is used to ping instances through the Internet for network management and debugging.
SSH
22
The SSH port. It is used to remote access to Linux instances.
Telnet
23
The Telnet port. It is used to log in to instances.
HTTP
80
The HTTP port. Use a VM instance as a Web server.
HTTPS
443
The HTTPS port. It is used to access web services. HTTPS protocol is encrypted and secured.
SQL Server
1433
The TCP port of SQL Server. It is used for MySQL to provide external services.
Oracle
1521
The Oracle communication port. If your instances run Oracle SQL, you need to open this port.
MySQL
3306
The MySQL port. It is used for MySQL to provide external services.
Windows Remote Desktop
3389
The Windows Server Remote Desktop Services (RDP) port. It is used to log in to Windows instances.
PostgreSQL
5432
The PostgreSQL port. It is for PostgreSQL to provide external services.
Redis
6379
The Redis port. It is used for Redis to provide external services.
-1/-1
10.0.0.0/8
Allow access from private IP range 10.0.0.0/8 to all ports
-1/-1
172.16.0.0/12
Allow access from private IP range 172.16.0.0/12 to all ports
-1/-1
192.168.0.0/16
Allow access from private IP range 192.168.0.0/16 to all ports
Typical applications of commonly used ports are shown as follows:
Remote access to Linux instances through SSH
Inbound
Allow
SSH (22)
22/22
Address field access
0.0.0.0/0
1
Remote access to Windows instances through RDP
Inbound
Allow
RDP (3389)
3389/3389
Address field access
0.0.0.0/0
1
Ping VM instances through the Internet
Inbound
Allow
ICMP
-1/-1
Address field access or security group access
Set this parameter according to the authorization type
1
Use a VM instance as a Web server
Inbound
Allow
HTTP (80)
80/80
Address field access
0.0.0.0/0
1
Upload or download files through FTP
Inbound
Allow
Custom TCP
20/21
Address field access
0.0.0.0/0
1
Note
For security reasons, you're restricted to access to port 25 for email transmission by default. If you require continued access to port 25, you may submit a request to remove the restriction.
More Actions
Go to Security Group > Actions to do the following actions.
Edit Change inbound and outbound rules.
Associate Global VPC Deploy the security group on instances in the selected global VPC.
Delete
Note
Dissociate all global VPCs first before deleting the security group.
Default security group cannot be deleted.
Last updated