
Introduction to Security Groups

Overview of Security Groups

A security group is a stateful, packet-filtering virtual firewall that provides network access control between different VPCs and between instances within the same VPC.

Currently supported instance types: cloud hosts and virtual network cards.

Description of initial rules of the security group

If the user enables the security group but does not configure any security group rules, inbound traffic to instances in the security group is restricted and all outbound traffic is allowed.

Execution order of security group rules

Rules are matched by priority: the priority of the security group is matched first, then the priority of the rules within that security group (the smaller the number, the higher the priority).

Group priority: the priority among different security groups bound to the same instance. The smaller the number, the higher the priority; values cannot be repeated, and the value range is 1-5.

Rule priority: the priority among different rules within the same security group. The smaller the number, the higher the priority; values cannot be repeated, and the range is 1-200.
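The two-level matching order above can be modeled to see which rule decides a given inbound connection when several security groups are bound to one instance. This is an added example, not SurferCloud code: the rule fields, the "allow"/"deny" action names, first-match-wins evaluation and the deny result when nothing matches are assumptions, and the sample groups are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    priority: int   # 1-200, unique within a group
    action: str     # "allow" or "deny" (assumed action names)
    proto: str      # "tcp", "udp", "icmp" or "all"
    ports: range    # destination ports; ignored for "icmp" and "all"
    source: str     # source CIDR

@dataclass(frozen=True)
class Group:
    name: str
    priority: int   # 1-5, unique among groups bound to one instance
    rules: tuple

def validate(groups):
    """Check the priority ranges and uniqueness constraints stated on the page."""
    errors = []
    gp = [g.priority for g in groups]
    if len(set(gp)) != len(gp):
        errors.append("duplicate group priority")
    for g in groups:
        if not 1 <= g.priority <= 5:
            errors.append(f"{g.name}: group priority outside 1-5")
        rp = [r.priority for r in g.rules]
        if len(set(rp)) != len(rp):
            errors.append(f"{g.name}: duplicate rule priority")
        errors += [f"{g.name}: rule priority {p} outside 1-200"
                   for p in rp if not 1 <= p <= 200]
    return errors

def evaluate_inbound(groups, proto, port, src):
    """Return (action, group name, rule priority) of the first matching rule."""
    addr = ipaddress.ip_address(src)
    for g in sorted(groups, key=lambda g: g.priority):        # group priority first
        for r in sorted(g.rules, key=lambda r: r.priority):   # then rule priority
            proto_ok = r.proto in ("all", proto)
            port_ok = r.proto in ("all", "icmp") or port in r.ports
            if proto_ok and port_ok and addr in ipaddress.ip_network(r.source):
                return r.action, g.name, r.priority
    return "deny", None, None  # assumed result when no rule matches

# Constructed sample: two groups bound to the same instance.
GROUPS = [
    Group("ssh-lockdown", 2, (Rule(1, "deny", "tcp", range(22, 23), "0.0.0.0/0"),)),
    Group("web", 1, (Rule(10, "allow", "tcp", range(80, 81), "0.0.0.0/0"),
                     Rule(20, "allow", "tcp", range(1, 65536), "10.0.0.0/8"))),
]
```

With the sample data, SSH from 10.1.2.3 is allowed by the "web" group (group priority 1) before the deny in "ssh-lockdown" (group priority 2) is ever consulted, which is the kind of shadowing to look for when reviewing bound groups.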

Template of security group rules

A common web server template is provided by default: instances inside the security group allow TCP ports 22, 3389, 80 and 443 and the ICMP protocol, allow all internal network segments, and allow all outbound traffic.

Operation process of security group

The operation process of the security group is shown below:

Security groups and Internet firewalls can coexist

If the security group and the Internet firewall coexist, traffic from the Internet to instances inside the security group is processed by the Internet firewall rules first; the allowed traffic is then processed by the security group rules and finally reaches the instance inside the security group. Conversely, traffic from an instance inside the security group to the Internet is processed by the security group rules first and, after being allowed, passes through the Internet firewall rules. All allowed traffic can access the Internet.

Use limitations of security group

1. Supported model limits: Fast Jay Cloud Host (Virtual Machine), Virtual Network Card

2. Usage limitations:

 1) A single instance can bind up to 5 security groups;

 2) A maximum of 50 inbound and outbound rules under one security group;

 3) A maximum of 100 instances can be bound under one security group;

 4) A single company ID can create up to 50 security groups.

Other usage notes of security groups

1. A security group can only bind instances under the same VPC.

2. Different network cards on the same cloud host are completely independent instances and can bind different security groups.

3. It is recommended that VIPs drift only between instances that are bound to the same security group.

4. For a cloud host that was originally configured with the Internet firewall, when its security rules are changed to a security group, the security group rules take effect after the host migration is completed; at that point, the security group and firewall rules coexist on this cloud host.

5. The security group does not currently support IPv6.

Copyright © 2024 SurferCloud All Rights Reserved