# Create a Security Group ## Procedures ### Step 1 - Sign in and go to create 1. Log in to [**zenConsole**](https://console.zenlayer.com/). 2. Go to **Compute** > **Virtual Machine** > **Security Group** and click **Create Security Group**. ### Step 2 - Identify your security group ### Step 3 - Configure the inbound and outbound rules
ItemDescription
TypeAccept:allows access requests on a specific port.
PriorityA smaller value indicates a higher priority.
Valid values: 1 to 100.
ProtocolThe protocol type of the security group rule.
Valid values: All/TCP/UDP/All ICMP (IPv4)
Port rangeYou can specify a port range when Protocol Type is set as TCP or UDP. Enter one or more port ranges. Separate the port ranges with commas (,). Example: 22/23, 443/443.
Source/
Destination		Configure the host IP addresses of source and destination.
Example: 192.168.0.0/24. 0.0.0.0/0 or ::/0 indicates all IP addresses are allowed.
ActionsDelete the rule.
* Commonly used port explanations are shown as follows:
ProtocolPortDescription
ICMP-1/-1The ICMP port. It is used to ping instances through the Internet for network management and debugging.
SSH22The SSH port. It is used to remote access to Linux instances.
Telnet23The Telnet port. It is used to log in to instances.
HTTP80The HTTP port. Use a VM instance as a Web server.
HTTPS443The HTTPS port. It is used to access web services. HTTPS protocol is encrypted and secured.
SQL Server1433The TCP port of SQL Server. It is used for MySQL to provide external services.
Oracle1521The Oracle communication port. If your instances run Oracle SQL, you need to open this port.
MySQL3306The MySQL port. It is used for MySQL to provide external services.
Windows Remote Desktop3389The Windows Server Remote Desktop Services (RDP) port. It is used to log in to Windows instances.
PostgreSQL5432The PostgreSQL port. It is for PostgreSQL to provide external services.
Redis6379The Redis port. It is used for Redis to provide external services.
PortSource IPDescription
-1/-110.0.0.0/8Allow access from private IP range 10.0.0.0/8 to all ports
-1/-1172.16.0.0/12Allow access from private IP range 172.16.0.0/12 to all ports
-1/-1192.168.0.0/16Allow access from private IP range 192.168.0.0/16 to all ports
* Typical applications of commonly used ports are shown as follows:
ScenarioRule directionAuthorization policyProtocol typePort rangeAuthorization typeAuthorization objectPriority
Remote access to Linux instances through SSHInboundAllowSSH (22)22/22Address field access0.0.0.0/01
Remote access to Windows instances through RDPInboundAllowRDP (3389)3389/3389Address field access0.0.0.0/01
Ping VM instances through the InternetInboundAllowICMP-1/-1Address field access or security group accessSet this parameter according to the authorization type1
Use a VM instance as a Web serverInboundAllowHTTP (80)80/80Address field access0.0.0.0/01
Upload or download files through FTPInboundAllowCustom TCP20/21Address field access0.0.0.0/01
{% hint style="info" %} **Note** For security reasons, starting from November 27, 2023, you're restricted to access to **port 25** for email transmission by default. If you require continued access to **port 25**, you may submit a request to remove the restriction. {% endhint %} ### Step 4 - Select an instance to apply the security group to ### Step 5 - *(Optional)* describe the security group ### Step 6 - Click ***Create*** to create a security group ### Step 7 - Manage security groups * Deploy the security group\ On the security group interface, click the instances deployed the security group on to change or add the instance. * Edit the security group\ On the security group interface, click **Edit** to change inbound and outbound rules. * Delete the security group\ On the security group interface, click **Delete** to delete the security group then the instance will not be controlled by the rules. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.console.zenlayer.com/welcome/virtual-machine/get-started/network-and-security/create-a-security-group.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.