This document describes how to create and configure a security group for an instance. For more information, please see Security Group.
Configuring a Security Group
- Select New security group.
If you have available security groups, you can select Existing Security Groups.
- Select IP addresses or ports to open based on your actual requirements.
Rules for a new security group are as follows:
- ICMP: opens to the ICMP protocol and allows the pinging of the server over the public network.
- TCP:80: opens port 80 and allows access to Web services over HTTP.
- TCP:22: opens port 22 and allows a remote connection to Linux CVMs over SSH.
- TCP:443: opens port 443 and allows access to Web services over HTTPS.
- TCP:3389: opens port 3389 and allows a remote connection to Windows CVMs over RDP.
- Private network: opens to the private network and allows private network access among different cloud resources (IPv4).
- After you select the IP addresses or ports to be opened, the detailed inbound and outbound rules appear on the Security Group Rule tab page.
- To open other ports for your business, refer to Security Group Use Cases to create security groups. For security reasons, we recommend that you only open ports when absolutely necessary to avoid unnecessary security risks.
- Configure other information as prompted.
Security Group Rules
Inbound rules: allows traffic to CVMs associated with a security group.
Outbound rules: indicates outbound traffic from the CVMs.
- Rules in a security group are prioritized from top to bottom.
- When a CVM is bound to a security group without rules, all inbound and outbound traffic is rejected by default. If a rule is available, the rule prevails.
- When a CVM is bound to multiple security groups, the security groups with smaller numbers have higher priority.
- When a CVM is bound to multiple security groups, the rejection rule takes effect for the security group with the lowest priority by default.
Security Group Limits
For more information, please see Security Group Limits.