Help Center/ Server Migration Service/ FAQs/ Migration Network/ How Do I Configure Security Group Rules for Target Servers?
Updated on 2025-07-30 GMT+08:00
View PDF

How Do I Configure Security Group Rules for Target Servers?

  1. Sign in to the console.
  2. Click in the upper left corner and select the desired region and project.
  3. Under Compute, click Elastic Cloud Server.
  4. In the ECS list, click the name of the target ECS.

    The page providing details about the ECS is displayed.

  5. Click the Security Groups tab and view security group rules.
  6. Click Manage Rule.

    The Summary page of the security group is displayed.

  7. On the Inbound Rules tab, click Add Rule to configure an inbound rule.
    • If the ECS runs Windows, configure three rules: one for port 8899, one for port 8900, and one for port 22. For each, set the protocol to TCP.
      Figure 1 Adding inbound rules
    • If the ECS runs Linux, configure two rules: one for port 8900 and one for port 22. For each, set the protocol to TCP.

      Port 22 is required for a Linux file-level migration.

      Ports 8900 and 22 are required for a Linux block-level migration.

      Figure 2 Adding inbound rules
    • For all the rules, set Source to the IP address range containing the IP addresses that you want to allow to access the ECS over the Internet.
      • If you migrate over the Internet, only allow traffic from the public IP address of the source server over the preceding ports. If you migrate over a private network, only allow traffic from the private IP address of the source server over the preceding ports.

        If you retain the default value 0.0.0.0/0 for Source IP Address, it indicates that all IP addresses can access the ECS.

      • The firewall of the ECS must allow traffic to these ports.
  8. Click OK.
Parent Topic: Migration Network