search
DevelopersGlossarySign Up

Create a Security Group

You can set your security group rules for your instances on zenConsole to improve the network security. The security group applies to both public and private network access to your instances.

hashtag
Procedures

hashtag
Step 1 - Sign in and go to create

  1. Log in to zenConsolearrow-up-right.

  2. Go to Compute > Virtual Machine > Security Group and click Create Security Group.

hashtag
Step 2 - Identify your security group

hashtag
Step 3 - Configure the inbound and outbound rules

Item
Description

Type

Accept:allows access requests on a specific port.

Priority

A smaller value indicates a higher priority. Valid values: 1 to 100.

Protocol

The protocol type of the security group rule. Valid values: All/TCP/UDP/All ICMP (IPv4)

Port range

You can specify a port range when Protocol Type is set as TCP or UDP. Enter one or more port ranges. Separate the port ranges with commas (,). Example: 22/23, 443/443.

Source/ Destination

Configure the host IP addresses of source and destination. Example: 192.168.0.0/24. 0.0.0.0/0 or ::/0 indicates all IP addresses are allowed.

Actions

Delete the rule.

  • Commonly used port explanations are shown as follows:

Protocol
Port
Description

ICMP

-1/-1

The ICMP port. It is used to ping instances through the Internet for network management and debugging.

SSH

22

The SSH port. It is used to remote access to Linux instances.

Telnet

23

The Telnet port. It is used to log in to instances.

HTTP

80

The HTTP port. Use a VM instance as a Web server.

HTTPS

443

The HTTPS port. It is used to access web services. HTTPS protocol is encrypted and secured.

SQL Server

1433

The TCP port of SQL Server. It is used for MySQL to provide external services.

Oracle

1521

The Oracle communication port. If your instances run Oracle SQL, you need to open this port.

MySQL

3306

The MySQL port. It is used for MySQL to provide external services.

Windows Remote Desktop

3389

The Windows Server Remote Desktop Services (RDP) port. It is used to log in to Windows instances.

PostgreSQL

5432

The PostgreSQL port. It is for PostgreSQL to provide external services.

Redis

6379

The Redis port. It is used for Redis to provide external services.

Port
Source IP
Description

-1/-1

10.0.0.0/8

Allow access from private IP range 10.0.0.0/8 to all ports

-1/-1

172.16.0.0/12

Allow access from private IP range 172.16.0.0/12 to all ports

-1/-1

192.168.0.0/16

Allow access from private IP range 192.168.0.0/16 to all ports

  • Typical applications of commonly used ports are shown as follows:

Scenario
Rule direction
Authorization policy
Protocol type
Port range
Authorization type
Authorization object
Priority

Remote access to Linux instances through SSH

Inbound

Allow

SSH (22)

22/22

Address field access

0.0.0.0/0

1

Remote access to Windows instances through RDP

Inbound

Allow

RDP (3389)

3389/3389

Address field access

0.0.0.0/0

1

Ping VM instances through the Internet

Inbound

Allow

ICMP

-1/-1

Address field access or security group access

Set this parameter according to the authorization type

1

Use a VM instance as a Web server

Inbound

Allow

HTTP (80)

80/80

Address field access

0.0.0.0/0

1

Upload or download files through FTP

Inbound

Allow

Custom TCP

20/21

Address field access

0.0.0.0/0

1

circle-info

Note

For security reasons, starting from November 27, 2023, you're restricted to access to port 25 for email transmission by default. If you require continued access to port 25, you may submit a request to remove the restriction.

hashtag
Step 4 - Select an instance to apply the security group to

hashtag
Step 5 - (Optional) describe the security group

hashtag
Step 6 - Click Create to create a security group

hashtag
Step 7 - Manage security groups

  • Deploy the security group On the security group interface, click the instances deployed the security group on to change or add the instance.

  • Edit the security group On the security group interface, click Edit to change inbound and outbound rules.

  • Delete the security group On the security group interface, click Delete to delete the security group then the instance will not be controlled by the rules.

PreviousCreate a SubnetNextCreate an SSH Key Pair

Last updated