Updated on 2023-08-18 GMT+08:00

Changing a Security Group

Context

A security group is a collection of access control rules for ECSs that have the same security protection requirements and are mutually trusted in a VPC. After a security group is created, you can create different access rules for the security group to protect the ECSs that are added to it. The default security group rule allows all outgoing data packets. ECSs in a security group can access each other without additional rules. The system creates a security group for each cloud account by default. You can also create custom security groups.

When creating a security group, you must add the inbound and outbound access rules and enable the ports required for application-consistent backup to prevent application-consistent backup failures.

Operation Instructions

Before using the application-consistent backup function, you need to change the security group. To ensure network security, CBR does not configure the inbound direction of a security group, so you need to configure it manually.

In the outbound direction of the security group, ports 1 to 65535 must be allowed for the 100.125.0.0/16 network segment. In the inbound direction, ports 59526 to 59528 must be allowed for the 100.125.0.0/16 network segment. The default outbound rule is 0.0.0.0/0, that is, all data packets are permitted. If you have not modified the default outbound rule, you do not need to configure the outbound direction.

Procedure

  1. Log in to the ECS console.

    1. Log in to the management console.
    2. Click in the upper left corner and select a region.
    3. Under Computing, click Elastic Cloud Server.

  2. In the navigation pane on the left, choose Elastic Cloud Server or Bare Metal Server. On the page displayed, select the target server. Go to the server details page.
  3. Click the Security Groups tab and select the target security group. For an ECS, click Modify Security Group Rule on the right of the ECS page. For a BMS, click Change Security Group and, in the displayed dialog box, click Manage Security Group.
  4. On the Security Groups page, click the Inbound Rules tab, and then click Add Rule. The Add Inbound Rule dialog box is displayed, as shown in Figure 1. Select TCP for Protocol/Application, enter 59526-59528 in Port & Source, select IP address for Source, and enter 100.125.0.0/16. After adding a description, click OK to finish configuring the inbound rule.

    Figure 1 Adding an inbound rule

  5. Click the Outbound Rules tab, and then click Add Rule. The Add Outbound Rule dialog box is displayed, as shown in Figure 2. Select TCP for Protocol/Application, enter 1-65535 in Port & Source, select IP address for Destination, and enter 100.125.0.0/16. After adding a description, click OK to finish configuring the outbound rule.

    Figure 2 Adding an outbound rule
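
To verify the result of this procedure, the following added example (not part of the original documentation or of any CBR tooling) checks a rule set against the port and network segment requirements stated above, and also lists inbound rules that open ports 59526 to 59528 to sources outside 100.125.0.0/16. The rule record format (direction, protocol, port_min, port_max, cidr) and the sample rule sets are constructed for illustration and are an assumption, not a console or API export format.

```python
import ipaddress

CBR_NET = ipaddress.ip_network("100.125.0.0/16")              # segment named on this page
REQUIRED = {"ingress": (59526, 59528), "egress": (1, 65535)}  # TCP ranges from this page

def _applies(rule, direction):
    return rule["direction"] == direction and rule["protocol"] in ("tcp", "all")

def covers(rules, direction, lo, hi):
    """True if the union of matching rules allows TCP lo..hi for all of CBR_NET."""
    spans = []
    for r in rules:
        peer = ipaddress.ip_network(r["cidr"])
        if _applies(r, direction) and peer.version == 4 and CBR_NET.subnet_of(peer):
            spans.append((r["port_min"], r["port_max"]))
    need = lo                                  # lowest port not yet covered
    for start, end in sorted(spans):
        if start > need:
            break                              # gap in coverage
        need = max(need, end + 1)
    return need > hi

def check(rules):
    """Return (missing directions, inbound rules exposing backup ports too widely)."""
    missing = [d for d, (lo, hi) in REQUIRED.items() if not covers(rules, d, lo, hi)]
    lo, hi = REQUIRED["ingress"]
    too_wide = []
    for r in rules:
        src = ipaddress.ip_network(r["cidr"])
        overlaps = r["port_min"] <= hi and r["port_max"] >= lo
        inside = src.version == 4 and src.subnet_of(CBR_NET)
        if _applies(r, "ingress") and overlaps and not inside:
            too_wide.append(r)
    return missing, too_wide

def rule(direction, protocol, port_min, port_max, cidr):   # constructed record format
    return dict(direction=direction, protocol=protocol,
                port_min=port_min, port_max=port_max, cidr=cidr)

# Constructed samples: the default allow-all outbound rule, then the rule from step 4.
DEFAULT_ONLY = [rule("egress", "all", 1, 65535, "0.0.0.0/0")]
CONFIGURED = DEFAULT_ONLY + [rule("ingress", "tcp", 59526, 59528, "100.125.0.0/16")]

if __name__ == "__main__":
    for name, rules in (("default only", DEFAULT_ONLY), ("configured", CONFIGURED)):
        missing, too_wide = check(rules)
        print(name, "missing:", missing, "too wide:", len(too_wide))
```

A group that still has only the default outbound rule reports the inbound direction as missing; after step 4 both directions are satisfied.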