This document uses security group creation as an example to describe how to configure security groups for the first time based on security group rules provided by Tencent Cloud when you customize instances. For other security-group-related operations, see the Security Group page in the CVM console. For more details on security groups, see Security Groups.
Configuring Security Groups
- Select Create Security Group, as shown in the following figure.
If you already have available security groups, you can select Existing Security Groups.
- Select IP addresses or ports to be opened based on your actual requirements.
Rules for a new security group are as follows:
- ICMP: enable ICMP and allow the public network to ping the server.
- TCP:80: open port 80 and allow web service access through HTTP.
- TCP:22: open port 22 and allow SSH remote connection to the Linux CVM.
- TCP:443: open port 443 and allow web service access through HTTPS.
- TCP:3389: open port 3389 and allow RDP connection to the Windows CVM.
- Private network: open the private network and allow intercommunication (IPv4-based) between different cloud resources through the private network.
- After you select the IP addresses or ports to be opened, the detailed inbound and outbound rules appear on the Security Group Rule tab page.
- To open other ports for your business, refer to security group use cases to create security groups. For security purposes, Tencent Cloud recommends that you only open required ports to prevent potential security risks.
- Configure other information as prompted.
Security Group Rules
Inbound rule: allows traffic to CVMs associated with a security group.
Outbound rule: indicates outbound traffic from the CVMs.
- Rules in a security group are prioritized from the top down.
- When a CVM is bound to a security group without rules, all inbound and outbound traffic is rejected by default. If a rule is available, the rule prevails.
- When a CVM is bound to multiple security groups, the security groups with smaller numbers have higher priority.
- When a CVM is bound to multiple security groups, the rejection rule takes effect for the security group with the lowest priority by default.
Security Group Restrictions
For details, see Use Limits.