Create a Security Group

You can set security group rules for your instances on zenConsole to improve network security. A security group applies to both public and private network access to your instances.

Procedures

Step 1 - Sign in and go to create

  1. Log in to zenConsole.
  2. Go to Compute > Virtual Machine > Security Group and click Create Security Group.

Step 2 - Identify your security group

Step 3 - Configure the inbound and outbound rules

| Item | Description |
| --- | --- |
| Type | Accept: allows access requests on a specific port. |
| Priority | A smaller value indicates a higher priority. Valid values: 1 to 100. |
| Protocol | The protocol type of the security group rule. Valid values: All/TCP/UDP/All ICMP (IPv4). |
| Port range | You can specify a port range when Protocol is set to TCP or UDP. Enter one or more port ranges, separated by commas (,). Example: 22/23, 443/443. |
| Source/Destination | Configure the host IP addresses of the source and destination. Example: 192.168.0.0/24. 0.0.0.0/0 or ::/0 indicates that all IP addresses are allowed. |
| Actions | Delete the rule. |
  • Commonly used port explanations are shown as follows:
| Protocol | Port | Description |
| --- | --- | --- |
| ICMP | -1/-1 | The ICMP port. It is used to ping instances through the Internet for network management and debugging. |
| SSH | 22 | The SSH port. It is used for remote access to Linux instances. |
| Telnet | 23 | The Telnet port. It is used to log in to instances. |
| HTTP | 80 | The HTTP port. It is used when a VM instance serves as a web server. |
| HTTPS | 443 | The HTTPS port. It is used to access web services. The HTTPS protocol is encrypted and secure. |
| SQL Server | 1433 | The TCP port of SQL Server. It is used for SQL Server to provide external services. |
| Oracle | 1521 | The Oracle communication port. If your instances run Oracle SQL, you need to open this port. |
| MySQL | 3306 | The MySQL port. It is used for MySQL to provide external services. |
| Windows Remote Desktop | 3389 | The Windows Server Remote Desktop Services (RDP) port. It is used to log in to Windows instances. |
| PostgreSQL | 5432 | The PostgreSQL port. It is used for PostgreSQL to provide external services. |
| Redis | 6379 | The Redis port. It is used for Redis to provide external services. |

| Port | Source IP | Description |
| --- | --- | --- |
| -1/-1 | 10.0.0.0/8 | Allow access from private IP range 10.0.0.0/8 to all ports |
| -1/-1 | 172.16.0.0/12 | Allow access from private IP range 172.16.0.0/12 to all ports |
| -1/-1 | 192.168.0.0/16 | Allow access from private IP range 192.168.0.0/16 to all ports |
  • Typical applications of commonly used ports are shown as follows:
| Scenario | Rule direction | Authorization policy | Protocol type | Port range | Authorization type | Authorization object | Priority |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Remote access to Linux instances through SSH | Inbound | Allow | SSH (22) | 22/22 | Address field access | 0.0.0.0/0 | 1 |
| Remote access to Windows instances through RDP | Inbound | Allow | RDP (3389) | 3389/3389 | Address field access | 0.0.0.0/0 | 1 |
| Ping VM instances through the Internet | Inbound | Allow | ICMP | -1/-1 | Address field access or security group access | Set this parameter according to the authorization type | 1 |
| Use a VM instance as a Web server | Inbound | Allow | HTTP (80) | 80/80 | Address field access | 0.0.0.0/0 | 1 |
| Upload or download files through FTP | Inbound | Allow | Custom TCP | 20/21 | Address field access | 0.0.0.0/0 | 1 |

Note
For security reasons, starting from November 27, 2023, access to port 25 for email transmission is restricted by default. If you require continued access to port 25, you may submit a request to remove the restriction.
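
An added example, not part of zenConsole or of this guide's own material: a short Python check that parses rules written in the formats described above (port ranges as start/end, -1/-1 for all ports, priority 1 to 100) and reports inbound rules that open a remote-login or database port to 0.0.0.0/0 or ::/0, so the source can be narrowed to a known address range. The rule dictionary layout, the field names, and the choice of which ports count as sensitive are assumptions of this example.

```python
import ipaddress

# Remote-login and database ports from the port table above. Treating these as
# "sensitive" is this example's assumption, not a zenConsole setting.
SENSITIVE = {22: "SSH", 23: "Telnet", 1433: "SQL Server", 1521: "Oracle",
             3306: "MySQL", 3389: "RDP", 5432: "PostgreSQL", 6379: "Redis"}

def parse_ports(spec):
    """Parse comma-separated 'start/end' ranges; -1/-1 means every port."""
    ranges = []
    for part in spec.split(","):
        start, end = (int(p) for p in part.strip().split("/"))
        if (start, end) == (-1, -1):
            start, end = 0, 65535
        if not 0 <= start <= end <= 65535:
            raise ValueError(f"bad port range: {part.strip()!r}")
        ranges.append((start, end))
    return ranges

def audit(rule):
    """Return findings for one inbound rule (dict layout is hypothetical)."""
    findings = []
    if not 1 <= rule["priority"] <= 100:
        findings.append("priority outside 1-100")
    source = ipaddress.ip_network(rule["source"], strict=False)
    # A /0 prefix (0.0.0.0/0 or ::/0) admits every address.
    if source.prefixlen == 0 and rule["protocol"] in ("TCP", "All"):
        ranges = parse_ports(rule["ports"])
        exposed = sorted(name for port, name in SENSITIVE.items()
                         if any(lo <= port <= hi for lo, hi in ranges))
        if exposed:
            findings.append(f"open to {source}: {', '.join(exposed)}")
    return findings

# Constructed sample rules, written in the field formats the page describes.
RULES = [
    {"name": "ssh-any", "protocol": "TCP", "ports": "22/22", "source": "0.0.0.0/0", "priority": 1},
    {"name": "web", "protocol": "TCP", "ports": "80/80, 443/443", "source": "0.0.0.0/0", "priority": 1},
    {"name": "private-all", "protocol": "All", "ports": "-1/-1", "source": "10.0.0.0/8", "priority": 1},
    {"name": "mgmt-v6", "protocol": "TCP", "ports": "22/23, 3389/3389", "source": "::/0", "priority": 101},
]

def audit_all(rules):
    """Map rule name -> findings, keeping only rules that have findings."""
    return {r["name"]: f for r in rules if (f := audit(r))}

if __name__ == "__main__":
    for name, findings in audit_all(RULES).items():
        print(name, findings)
```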

Step 4 - Select an instance to apply the security group to

Step 5 - (Optional) describe the security group

Step 6 - Click Create to create a security group

Step 7 - Manage security groups

  • Deploy the security group: On the security group interface, click the instances that the security group is deployed on to change or add instances.
  • Edit the security group: On the security group interface, click Edit to change inbound and outbound rules.
  • Delete the security group: On the security group interface, click Delete to delete the security group. The instance will then no longer be controlled by its rules.