Help Center/ Cloud Backup and Recovery/ User Guide/ Database Server Backup/ Changing Security Group Rules
Updated on 2025-11-03 GMT+08:00
View PDF
Share

Changing Security Group Rules

Context

A security group is a collection of inbound and outbound rules for ECSs that have the same security protection requirements and are mutually trusted in a VPC. You can create different inbound and outbound rules for the security group to protect the ECSs that are added to this security group. The system creates a security group for each cloud account by default. The default outbound rule allows all outgoing data packets. ECSs in a security group can access each other without the need to add rules. You can also create custom security groups by yourself.

When creating a security group, you must add the inbound and outbound rules and enable the ports required for database server backup to prevent backup failures.

Operation Instructions

Before using database server backup, you need to change security group rules. To ensure network security, CBR has not set any inbound rule, so you need to manually set it.

In the inbound direction, allow traffic from 100.125.0.0/16 over any port from 59526 to 59528. In the outbound direction, allow traffic destined for 100.125.0.0/16 over any port from 1 to 65535. The default outbound rule allows all data packets destined for 0.0.0.0/0 (any IP address). Therefore, you can also use the default outbound rule.

Procedure

  1. Log in to the ECS console.

    1. Log in to the management console.
    2. Click in the upper left corner and select a region.
    3. Under Compute, click Elastic Cloud Server.

  2. In the navigation pane, choose Elastic Cloud Server. On the page displayed, select the target server. Go to the server details page.
  3. On the Security Groups tab, locate the target security group, and click Manage Rule. On the Security Groups tab, locate the target security group, and click Manage Rule.
  4. On the Inbound Rules tab, click Add Rule. The Add Inbound Rule dialog box is displayed. Select TCP (Custom ports) for Protocol & Port, enter 59526-59528, select IP address for Source and enter 100.125.0.0/16. After supplementing the description, click OK to finish setting the inbound rule. You can view the added inbound rule on the Inbound Rules tab of the security group.

    Figure 1 Adding an inbound rule

  5. On the Outbound Rules tab, click Add Rule. The Add Outbound Rule dialog box is displayed. Select TCP (Custom ports) for Protocol & Port, enter 1-65535, select IP address for Destination and enter 100.125.0.0/16. After supplementing the description, click OK to finish setting the outbound rule. You can view the added outbound rule on the Outbound Rules tab of the security group.

    Figure 2 Adding an outbound rule

Parent topic: Database Server Backup