A security group is a stateful virtual firewall capable of filtering. As an important means for network security isolation provided by Tencent Cloud, it can be used to set network access controls for one or more TencentDB instances. Instances with the same network security isolation demands in one region can be put into the same security group, which is a logical group. TencentDB and CVM share the security group list and are matched with each other within the security group based on rules.
Note:
- TencentDB security groups currently support network access control only for VPCs and the public network, not the classic network.
- As TencentDB does not have active outbound traffic, outbound rules are not applicable to TencentDB.
- TencentDB for Redis security group supports master, read-only, and disaster recovery instances.
Template | Description | Remarks |
---|---|---|
Open all ports | All ports are opened to the public and private networks. This may present security issues. | - |
Open ports 22, 80, 443, and 3389 and the ICMP protocol | Ports 22, 80, 443, and 3389 and the ICMP protocol are opened to the internet. All ports are opened to the private network. | This template does not take effect for TencentDB. |
Custom | You can create a security group and then add custom rules. For detailed directions, please see "Step 2. Add a security group rule" below. | - |
On the Security Group page, click Modify Rules in the "Operation" column on the row of the security group for which to configure a rule.
On the security group rule page, click Inbound rule > Add a Rule.
In the pop-up dialog box, set the rule.
Type: "Custom" is selected by default. You can also choose another system rule template.
Source: traffic source (inbound rule) or destination (outbound rule). You need to specify one of the following options:
Source/Destination | Description |
---|---|
IPv4 address or IPv4 address range | In CIDR format (such as 203.0.113.0, 203.0.113.0/24, or 0.0.0.0/0, where 0.0.0.0/0 indicates all IPv4 addresses). |
IPv6 address or IPv6 address range | In CIDR format (such as FF05::B5, FF05:B5::/60, ::/0, or 0::0/0, where ::/0 or 0::0/0 indicates all IPv6 addresses). |
ID of referenced security group. You can reference the ID of: | |
Reference an IP address object or IP address group object in a parameter template. | - |
Protocol port: enter the protocol type and port range. You can view the port (which is 6379 by default) on the instance details page in the TencentDB for Redis Console. You can also reference a protocol port or protocol port group in a parameter template.
Policy: "Allow" is selected by default.
Notes: a short description of the rule for easier management.
Click Complete to finish adding the inbound rule.
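The following added example (not part of the Tencent Cloud documentation) audits a list of inbound rules for Allow entries that expose the Redis port to all addresses or to a very broad range, using the Source, Protocol port, and Policy fields described above. The rule dictionary layout, the port range notation, the prefix thresholds, and the `sg-EXAMPLE` ID are assumptions made for illustration.

```python
import ipaddress

REDIS_PORT = 6379  # default TencentDB for Redis port, per the instance details page

def port_matches(spec, port):
    """spec is 'ALL', one port ('6379') or a range ('6000-7000'); notation assumed."""
    spec = spec.strip().upper()
    if spec == "ALL":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def audit_inbound(rules, port=REDIS_PORT, min_prefix=None):
    """Return (rule index, finding) for each Allow rule that exposes `port` too widely."""
    min_prefix = min_prefix or {4: 16, 6: 48}  # assumed review thresholds, tune per site
    findings = []
    for index, rule in enumerate(rules):
        if rule["policy"] != "Allow" or not port_matches(rule["port"], port):
            continue
        try:
            net = ipaddress.ip_network(rule["source"], strict=False)
        except ValueError:
            # Security group ID or parameter template reference: resolve it by hand.
            findings.append((index, "REVIEW_REFERENCE"))
            continue
        if net.prefixlen == 0:  # 0.0.0.0/0, ::/0 or 0::0/0
            findings.append((index, "OPEN_TO_ALL"))
        elif net.prefixlen < min_prefix[net.version]:
            findings.append((index, "BROAD_RANGE"))
    return findings

# Constructed sample rules (hypothetical layout, not a Tencent Cloud export format).
SAMPLE_RULES = [
    {"source": "0.0.0.0/0", "port": "ALL", "policy": "Allow"},
    {"source": "203.0.113.0/24", "port": "6379", "policy": "Allow"},
    {"source": "0::0/0", "port": "6379", "policy": "Allow"},
    {"source": "203.0.113.0", "port": "22", "policy": "Allow"},
    {"source": "sg-EXAMPLE", "port": "6000-7000", "policy": "Allow"},
    {"source": "10.0.0.0/8", "port": "6379", "policy": "Allow"},
]

if __name__ == "__main__":
    for index, finding in audit_inbound(SAMPLE_RULES):
        print(index, SAMPLE_RULES[index]["source"], finding)
```

Each rule is checked on its own; the script does not model how rules interact with one another.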
A security group is an instance-level firewall provided by Tencent Cloud for controlling inbound traffic of TencentDB. You can associate a security group with an instance when purchasing it or later in the console.
Note:
Currently, security groups can be configured only for TencentDB for Redis instances in VPC.
Note:
If there are existing rules in the security group, export them before importing new rules. Existing rules are overwritten after importing.