Create a Security Group
You can set your security group rules for your instances on zenConsole to improve the network security. The security group applies to both public and private network access to your instances.
Procedures
Step 1 - Sign in and go to create
Log in to zenConsole.
Go to Compute > Virtual Machine > Security Group and click Create Security Group.
Step 2 - Identify your security group
Step 3 - Configure the inbound and outbound rules
| Item | Description |
|---|---|
Type | Accept:allows access requests on a specific port. |
Priority | A smaller value indicates a higher priority. Valid values: 1 to 100. |
Protocol | The protocol type of the security group rule. Valid values: All/TCP/UDP/All ICMP (IPv4) |
Port range | You can specify a port range when Protocol Type is set as TCP or UDP. Enter one or more port ranges. Separate the port ranges with commas (,). Example: 22/23, 443/443. |
Source/ Destination | Configure the host IP addresses of source and destination. Example: 192.168.0.0/24. 0.0.0.0/0 or ::/0 indicates all IP addresses are allowed. |
Actions | Delete the rule. |
Commonly used port explanations are shown as follows:
| Protocol | Port | Description |
|---|---|---|
ICMP | -1/-1 | The ICMP port. It is used to ping instances through the Internet for network management and debugging. |
SSH | 22 | The SSH port. It is used to remote access to Linux instances. |
Telnet | 23 | The Telnet port. It is used to log in to instances. |
HTTP | 80 | The HTTP port. Use a VM instance as a Web server. |
HTTPS | 443 | The HTTPS port. It is used to access web services. HTTPS protocol is encrypted and secured. |
SQL Server | 1433 | The TCP port of SQL Server. It is used for MySQL to provide external services. |
Oracle | 1521 | The Oracle communication port. If your instances run Oracle SQL, you need to open this port. |
MySQL | 3306 | The MySQL port. It is used for MySQL to provide external services. |
Windows Remote Desktop | 3389 | The Windows Server Remote Desktop Services (RDP) port. It is used to log in to Windows instances. |
PostgreSQL | 5432 | The PostgreSQL port. It is for PostgreSQL to provide external services. |
Redis | 6379 | The Redis port. It is used for Redis to provide external services. |
| Port | Source IP | Description |
|---|---|---|
-1/-1 | 10.0.0.0/8 | Allow access from private IP range |
-1/-1 | 172.16.0.0/12 | Allow access from private IP range |
-1/-1 | 192.168.0.0/16 | Allow access from private IP range |
Typical applications of commonly used ports are shown as follows:
| Scenario | Rule direction | Authorization policy | Protocol type | Port range | Authorization type | Authorization object | Priority |
|---|---|---|---|---|---|---|---|
Remote access to Linux instances through SSH | Inbound | Allow | SSH (22) | 22/22 | Address field access | 0.0.0.0/0 | 1 |
Remote access to Windows instances through RDP | Inbound | Allow | RDP (3389) | 3389/3389 | Address field access | 0.0.0.0/0 | 1 |
Ping VM instances through the Internet | Inbound | Allow | ICMP | -1/-1 | Address field access or security group access | Set this parameter according to the authorization type | 1 |
Use a VM instance as a Web server | Inbound | Allow | HTTP (80) | 80/80 | Address field access | 0.0.0.0/0 | 1 |
Upload or download files through FTP | Inbound | Allow | Custom TCP | 20/21 | Address field access | 0.0.0.0/0 | 1 |
Note
For security reasons, starting from November 27, 2023, you're restricted to access to port 25 for email transmission by default. If you require continued access to port 25, you may submit a request to remove the restriction.
Step 4 - Select an instance to apply the security group to
Step 5 - (Optional) describe the security group
Step 6 - Click Create to create a security group
Step 7 - Manage security groups
Deploy the security group On the security group interface, click the instances deployed the security group on to change or add the instance.
Edit the security group On the security group interface, click Edit to change inbound and outbound rules.
Delete the security group On the security group interface, click Delete to delete the security group then the instance will not be controlled by the rules.
Last updated