Instance Port Verification

Last updated: 2021-09-27 10:21:59

    The instance port verification feature checks port accessibility for the security groups associated with CVM instances, helping you locate faults and improve the user experience.
    This feature supports accessibility detection for both common ports and custom ports. The common ports are listed below.

    Rule             Port            Description
    Inbound rules    ICMP protocol   Used to pass control messages such as the ping command. ICMP is a control protocol, and no ports are involved.
                     TCP:20          Used to allow uploads and downloads over FTP.
                     TCP:21          Used to allow uploads and downloads over FTP.
                     TCP:22          Used to allow Linux SSH login.
                     TCP:3389        Used to allow Windows remote login.
                     TCP:443         Used to provide website HTTPS service.
                     TCP:80          Used to provide website HTTP service.
    Outbound rules   ALL             Used to allow all outbound traffic for access to external networks.

    Operation Guide

    1. Log in to the VPC console.

    2. Click Diagnostic Tools > Port Verification in the left sidebar to access the management page.

    3. Select a region at the top of the page, locate the instance you want to verify in the list, and click Quick Check.

    4. You can see the port detection details in the pop-up window. Perform the following operations as needed.

      • Uncheck any port that you do not want to detect.
      • Enter custom ports to detect and click Save.
        • Protocol: select TCP or UDP.
        • Port: enter one port number to detect, which cannot be the same as a common port.
        • Direction: select Inbound or Outbound.
        • IP: enter the source IP for the inbound direction and destination IP for the outbound direction. Enter ALL for all source and destination IP addresses.
        • Up to 15 custom ports can be detected.

      For example, to detect outbound traffic to IP 10.0.1.12 over TCP on port 30, enter the following in the Custom port detection area: Protocol TCP, Port 30, Direction Outbound, IP 10.0.1.12.

    5. After completing the configuration, click Detect. The result will be displayed in the Policy column.

      Suppose you need to open a port that is reported as Not opened, for example TCP:22. In that case, add an inbound rule for the security group associated with the instance in the Security Group console to open port TCP:22. For Source, you can select all to allow all IPs, or enter a specific IP (IP range).
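The check described in the steps above can also be reproduced offline against a copy of the security group rules. The sketch below is an added example, not Tencent Cloud code: the common ports, the custom-port fields and the 15-entry limit come from this page, while the rule dictionary layout, first-match evaluation, the default "Not opened" fallback, the "Opened" label and the 1-65535 port range are assumptions, and the sample rules are constructed.

```python
import ipaddress

# Common inbound checks listed on this page (ICMP has no port).
COMMON_INBOUND = [("ICMP", None), ("TCP", 20), ("TCP", 21), ("TCP", 22),
                  ("TCP", 3389), ("TCP", 443), ("TCP", 80)]
COMMON_PORTS = {port for _, port in COMMON_INBOUND if port is not None}
MAX_CUSTOM = 15  # "Up to 15 custom ports can be detected."

def validate_custom(entries):
    """Return error strings for (protocol, port, direction, ip) tuples."""
    errors = [f"more than {MAX_CUSTOM} custom ports"] if len(entries) > MAX_CUSTOM else []
    for proto, port, direction, ip in entries:
        if proto not in ("TCP", "UDP"):
            errors.append(f"{proto}:{port}: protocol must be TCP or UDP")
        if not isinstance(port, int) or not 1 <= port <= 65535:  # assumed range
            errors.append(f"{proto}:{port}: enter one port number")
        elif port in COMMON_PORTS:
            errors.append(f"{proto}:{port}: same as a common port")
        if direction not in ("Inbound", "Outbound"):
            errors.append(f"{proto}:{port}: direction must be Inbound or Outbound")
        if ip != "ALL":
            try:
                ipaddress.ip_network(ip, strict=False)
            except ValueError:
                errors.append(f"{proto}:{port}: bad IP {ip!r}")
    return errors

def check(rules, proto, port, ip="ALL"):
    """Assumed model: first matching rule decides, no match means not opened."""
    target = ipaddress.ip_network("0.0.0.0/0" if ip == "ALL" else ip, strict=False)
    for r in rules:
        if r["protocol"] not in ("ALL", proto):
            continue
        if port is not None and r["ports"] != "ALL" and not r["ports"][0] <= port <= r["ports"][1]:
            continue
        if target.subnet_of(ipaddress.ip_network(r["cidr"])):
            return "Opened" if r["action"] == "ACCEPT" else "Not opened"
    return "Not opened"

# Constructed sample rules: HTTPS open to all, SSH limited to one range.
INBOUND = [
    {"protocol": "TCP", "ports": (443, 443), "cidr": "0.0.0.0/0", "action": "ACCEPT"},
    {"protocol": "TCP", "ports": (22, 22), "cidr": "203.0.113.0/24", "action": "ACCEPT"},
]
OUTBOUND = [{"protocol": "ALL", "ports": "ALL", "cidr": "0.0.0.0/0", "action": "ACCEPT"}]

if __name__ == "__main__":
    for proto, port in COMMON_INBOUND:
        print(proto if port is None else f"{proto}:{port}", check(INBOUND, proto, port))
    print("TCP:30 -> 10.0.1.12", check(OUTBOUND, "TCP", 30, "10.0.1.12"))
```

With the sample rules, TCP:22 is reported as Not opened for source ALL but Opened for a source inside 203.0.113.0/24, which is the difference between selecting all and entering a specific IP range for Source.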

    Relevant Information