Create a Security Group

You can set security group rules for your instances on zenConsole to improve network security. The security group applies to public network access to your instances.

Procedures

  1. Go to Security Group > Create Security Group.

  2. Select a global VPC that the security group will be deployed on.

  3. Configure the inbound and outbound rules.

    | Item | Description |
    | --- | --- |
    | Priority | A smaller value indicates a higher priority. Valid values: 1 to 999. |
    | Type | Allow: allows access requests on a specific port. Deny: denies access requests on a specific port. |
    | Protocol | The protocol type of the security group rule. Valid values: All, TCP, UDP, ICMP-IPv4, ICMP-IPv6. |
    | Port range | You can specify a port range when Protocol is set to TCP or UDP. Valid port numbers range from 1 to 65535. You can specify single port numbers separated by commas (for example, 80 for port 80; 20,30,40 for ports 20, 30, and 40) or a range of port numbers (for example, 4000-4200 for ports 4000 to 4200). The value "All" cannot be set separately; it indicates that the port is not restricted. |
    | Source/Destination | Configure the host IP addresses of the source and destination. Example: 192.168.0.0/24. 0.0.0.0/0 or ::/0 indicates all IP addresses are allowed. |
    | Actions | Delete the rule. |

  4. Label your security group.

Commonly used ports are described below:

| Protocol | Port | Description |
| --- | --- | --- |
| ICMP | -1/-1 | The ICMP port. It is used to ping instances through the Internet for network management and debugging. |
| SSH | 22 | The SSH port. It is used for remote access to Linux instances. |
| Telnet | 23 | The Telnet port. It is used to log in to instances. |
| HTTP | 80 | The HTTP port. It is used when a VM instance serves as a web server. |
| HTTPS | 443 | The HTTPS port. It is used to access web services. The HTTPS protocol is encrypted and secure. |
| SQL Server | 1433 | The TCP port of SQL Server. It is used for SQL Server to provide external services. |
| Oracle | 1521 | The Oracle communication port. If your instances run Oracle SQL, you need to open this port. |
| MySQL | 3306 | The MySQL port. It is used for MySQL to provide external services. |
| Windows Remote Desktop | 3389 | The Windows Server Remote Desktop Services (RDP) port. It is used to log in to Windows instances. |
| PostgreSQL | 5432 | The PostgreSQL port. It is used for PostgreSQL to provide external services. |
| Redis | 6379 | The Redis port. It is used for Redis to provide external services. |

| Port | Source IP | Description |
| --- | --- | --- |
| -1/-1 | 10.0.0.0/8 | Allow access from private IP range 10.0.0.0/8 to all ports |
| -1/-1 | 172.16.0.0/12 | Allow access from private IP range 172.16.0.0/12 to all ports |
| -1/-1 | 192.168.0.0/16 | Allow access from private IP range 192.168.0.0/16 to all ports |

Typical applications of commonly used ports are shown as follows:

| Scenario | Rule direction | Authorization policy | Protocol type | Port range | Authorization type | Authorization object | Priority |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Remote access to Linux instances through SSH | Inbound | Allow | SSH (22) | 22/22 | Address field access | 0.0.0.0/0 | 1 |
| Remote access to Windows instances through RDP | Inbound | Allow | RDP (3389) | 3389/3389 | Address field access | 0.0.0.0/0 | 1 |
| Ping VM instances through the Internet | Inbound | Allow | ICMP | -1/-1 | Address field access or security group access | Set this parameter according to the authorization type | 1 |
| Use a VM instance as a Web server | Inbound | Allow | HTTP (80) | 80/80 | Address field access | 0.0.0.0/0 | 1 |
| Upload or download files through FTP | Inbound | Allow | Custom TCP | 20/21 | Address field access | 0.0.0.0/0 | 1 |

Note

For security reasons, access to port 25 for email transmission is restricted by default. If you require continued access to port 25, you may submit a request to remove the restriction.

More Actions

Go to Security Group > Actions to perform the following actions.

  • Edit: Change inbound and outbound rules.

  • Associate Global VPC: Deploy the security group on instances in the selected global VPC.

  • Delete

Note

  • Dissociate all global VPCs before deleting the security group.

  • The default security group cannot be deleted.
