# Create a Security Group ## Procedures ### Step 1 - Sign in and go to create 1. Log in to [**zenConsole**](https://console.zenlayer.com/). 2. Go to **Compute** > **Virtual Machine** > **Security Group** and click **Create Security Group**. ### Step 2 - Identify your security group ### Step 3 - Configure the inbound and outbound rules
ItemDescription
TypeAccept:allows access requests on a specific port.
PriorityA smaller value indicates a higher priority.
Valid values: 1 to 100.
ProtocolThe protocol type of the security group rule.
Valid values: All/TCP/UDP/All ICMP (IPv4)
Port rangeYou can specify a port range when Protocol Type is set as TCP or UDP. Enter one or more port ranges. Separate the port ranges with commas (,). Example: 22/23, 443/443.
Source/
Destination		Configure the host IP addresses of source and destination.
Example: 192.168.0.0/24. 0.0.0.0/0 or ::/0 indicates all IP addresses are allowed.
ActionsDelete the rule.
* Commonly used port explanations are shown as follows:
ProtocolPortDescription
ICMP-1/-1The ICMP port. It is used to ping instances through the Internet for network management and debugging.
SSH22The SSH port. It is used to remote access to Linux instances.
Telnet23The Telnet port. It is used to log in to instances.
HTTP80The HTTP port. Use a VM instance as a Web server.
HTTPS443The HTTPS port. It is used to access web services. HTTPS protocol is encrypted and secured.
SQL Server1433The TCP port of SQL Server. It is used for MySQL to provide external services.
Oracle1521The Oracle communication port. If your instances run Oracle SQL, you need to open this port.
MySQL3306The MySQL port. It is used for MySQL to provide external services.
Windows Remote Desktop3389The Windows Server Remote Desktop Services (RDP) port. It is used to log in to Windows instances.
PostgreSQL5432The PostgreSQL port. It is for PostgreSQL to provide external services.
Redis6379The Redis port. It is used for Redis to provide external services.
PortSource IPDescription
-1/-110.0.0.0/8Allow access from private IP range 10.0.0.0/8 to all ports
-1/-1172.16.0.0/12Allow access from private IP range 172.16.0.0/12 to all ports
-1/-1192.168.0.0/16Allow access from private IP range 192.168.0.0/16 to all ports
* Typical applications of commonly used ports are shown as follows:
ScenarioRule directionAuthorization policyProtocol typePort rangeAuthorization typeAuthorization objectPriority
Remote access to Linux instances through SSHInboundAllowSSH (22)22/22Address field access0.0.0.0/01
Remote access to Windows instances through RDPInboundAllowRDP (3389)3389/3389Address field access0.0.0.0/01
Ping VM instances through the InternetInboundAllowICMP-1/-1Address field access or security group accessSet this parameter according to the authorization type1
Use a VM instance as a Web serverInboundAllowHTTP (80)80/80Address field access0.0.0.0/01
Upload or download files through FTPInboundAllowCustom TCP20/21Address field access0.0.0.0/01
{% hint style="info" %} **Note** For security reasons, starting from November 27, 2023, you're restricted to access to **port 25** for email transmission by default. If you require continued access to **port 25**, you may submit a request to remove the restriction. {% endhint %} ### Step 4 - Select an instance to apply the security group to ### Step 5 - *(Optional)* describe the security group ### Step 6 - Click ***Create*** to create a security group ### Step 7 - Manage security groups * Deploy the security group\ On the security group interface, click the instances deployed the security group on to change or add the instance. * Edit the security group\ On the security group interface, click **Edit** to change inbound and outbound rules. * Delete the security group\ On the security group interface, click **Delete** to delete the security group then the instance will not be controlled by the rules.