Guide: Using security groups

To add a new security group, go to Infrastructure -> Network.

From the Network menu go to Security Groups.

Each new tenant in the Security Groups panel has 2 default security groups:

  • default - each instance has the "default" security group, because the instances in this group can communicate with each other internally,
  • <tenant_name>_security_group - a security group that by default has rules for SSH and ICMP.

You can't edit these two security groups because they were created at the Master Tenant level. However, you can create any other security group with any rule by pressing the "+ADD" button.

After pressing the button, a window with the form for creating a new security group should appear:

  • NAME - name of the new security group,
  • DESCRIPTION - description of the new security group,
  • SCOPED CLOUD - select the cloud on which the new security group will be created. We do not recommend using the "All" option in the "SCOPED CLOUD" field.

After completing the required fields, press the "SAVE CHANGES" button.

The newly created group should be visible in the security groups panel with the value "CREATED" in the "Source" column. The value "SYNCED" means that the given security group has been synchronized from another level, while the value "CREATED" means that the given group was created by one of the tenant members.

As you can see, next to the newly created security group there is now a pencil icon that allows you to edit the group and a trash icon that allows you to delete it.

To manage the rules of a given security group, click its name.

In the RULES section, you can view the rules that apply to this security group.

To add a new rule to a given security group, press the "+ADD RULE" button.

After pressing the button, a window with the form to create new rules will appear:

  • NAME - name for the new rule,
  • DIRECTION - depending on the rule you want to create, you can choose "ingress" or "egress",
  • RULE TYPE - change to the "Custom Rule" option,
  • PROTOCOL - depending on the rule you want to create, select the protocol you are interested in; in our example it is TCP,
  • PORT RANGE - port to which the new rule will apply; in our example, we chose HTTP port 80,
  • SOURCE TYPE and DESTINATION TYPE - depending on the rule you want to create, you can specify the source and destination,
  • SOURCE - range of addresses that will have access to the port. Entering the value "0.0.0.0/0" makes the port accessible from any address.

After completing the required fields, press the "SAVE CHANGES" button.

The newly created rule will be visible in the RULES section.
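Before saving rules like the ones described above, it can help to review a planned rule set for ingress rules whose SOURCE is open to any address. The following is an added example, not part of the platform or its API: the dictionary keys mirror the form fields, and the `PUBLIC_PORTS` allowlist and the sample rules are assumptions constructed for illustration.

```python
import ipaddress

# Assumption for this example: ports that are meant to be reachable from anywhere.
PUBLIC_PORTS = {80, 443}

def parse_port_range(text):
    """Turn a PORT RANGE value such as "80" or "8000-8100" into (low, high)."""
    low, _, high = text.strip().partition("-")
    low, high = int(low), int(high or low)
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"invalid port range: {text!r}")
    return low, high

def audit_rule(rule):
    """Return findings for one rule; an empty list means nothing was flagged."""
    if rule["direction"] != "ingress":
        return []  # this check only looks at inbound exposure
    try:
        source = ipaddress.ip_network(rule["source"], strict=False)
        low, high = parse_port_range(rule["port_range"])
    except ValueError as exc:
        return [f"{rule['name']}: unparseable value ({exc})"]
    findings = []
    # Prefix length 0 means 0.0.0.0/0 or ::/0, i.e. any address.
    if source.prefixlen == 0 and any(
            p not in PUBLIC_PORTS for p in range(low, high + 1)):
        findings.append(f"{rule['name']}: {rule['protocol']} port range "
                        f"{rule['port_range']} is open to any address")
    return findings

def audit_group(rules):
    """Audit every rule of one security group and collect the findings."""
    return [f for rule in rules for f in audit_rule(rule)]

# Constructed sample rules, keyed by the form's field names.
SAMPLE_RULES = [
    {"name": "http-in", "direction": "ingress", "protocol": "tcp",
     "port_range": "80", "source": "0.0.0.0/0"},
    {"name": "ssh-in", "direction": "ingress", "protocol": "tcp",
     "port_range": "22", "source": "0.0.0.0/0"},
    {"name": "ssh-admin", "direction": "ingress", "protocol": "tcp",
     "port_range": "22", "source": "203.0.113.0/24"},
]

if __name__ == "__main__":
    for finding in audit_group(SAMPLE_RULES):
        print(finding)
```

Only the "ssh-in" rule is flagged: the HTTP rule is on the allowlist, and the "ssh-admin" rule restricts SSH to a specific address range.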

Creating a new security group does not add it to any instance. To add it, go to Provisioning -> Instances, and then select the instance to which you want to add the new security group.

From the bottom section select the Network tab.

After going to the "Network" tab, expand "SECURITY GROUPS".

After expanding the bar, you can see the current security groups that are added to the selected instance. To add or remove a group, press the "EDIT SECURITY GROUPS" button.

After pressing the button, a window for editing the security groups of the selected instance will appear. If you want to delete a given security group, press the "X" button next to that group. If you want to add another one, enter its name in the search field, and then click the group in the search results. After editing, press the "SAVE" button.

The newly added security group for the instance will be visible in the "SECURITY GROUPS" bar.