Configuring Security Group Rules for a FlexusX Instance

Scenarios

Similar to a firewall, a security group is used to control network access. You can define access rules for a security group to protect the FlexusX instances in the group.

• Inbound rules allow or deny incoming network traffic to FlexusX instances in the security group.
• Outbound rules allow or deny outgoing network traffic from FlexusX instances in the security group.

Procedure

1. Log in to the FlexusX console, in the upper left corner, click , and select a region.
2. On the FlexusX Instances page, locate the FlexusX instance and click its name.

   The details page of this instance is displayed.

3. On the detailed page, click the Security Groups tab and view security group rules.
4. Click Manage Rule.

   The page for configuring security group rules is displayed.

   

5. On the Inbound Rules tab, click Add Rule.

   The Add Inbound Rule dialog box is displayed.

6. Configure required parameters.

   You can click + to add more inbound rules. For details about the parameters, see Adding a Security Group Rule.

   Figure 1 Adding an inbound rule
   
7. On the Outbound Rules tab, click Add Rule.

   The Add Outbound Rule dialog box is displayed.

8. Configure required parameters.

   You can click + to add more outbound rules. For details about the parameters, see Adding a Security Group Rule.

9. Click OK.

Verifying Security Group Rules

After adding inbound and outbound rules, you can verify whether the rules have been applied. Assume that you have deployed a website on a FlexusX instance. To enable users to access your website through HTTP (80), you need to add an inbound rule to the security group of the FlexusX instance to allow access over this port. Table 1 shows the rule details.

Linux

If the instance runs Linux, perform the following operations to verify whether the security group rule has been applied:

1. Log in to the FlexusX instance.
2. Run the following command to check whether TCP port 80 is listened on:

   netstat -an | grep 80

   If command output shown in Figure 2 is displayed, TCP port 80 is listened on.

   Figure 2 Command output for the TCP port 80 of the Linux FlexusX instance
   
3. Enter http://EIP bound to the FlexusX instance in the address box of the browser and press Enter.

   If the requested page can be accessed, the security group rule has taken effect.

Impacts of Deleting Common Security Group Rules

On the Inbound Rules and Outbound Rules tabs, you can also modify, replicate, or delete existing rules.

Deleting security group rules will disable some functions.

• If you delete a rule with Protocol & Port specified as TCP: 20-21, you will not be able to upload files to or download files from servers using FTP.
• If you delete a rule with Protocol & Port specified as ICMP: All, you will not be able to ping the servers.
• If you delete a rule with Protocol & Port specified as TCP: 443, you will not be able to connect to websites on the servers using HTTPS.
• If you delete a rule with Protocol & Port specified as TCP: 80, you will not be able to connect to websites on servers using HTTP.
• If you delete a rule with Protocol & Port specified as TCP: 22, you will not be able to remotely connect to Linux servers using SSH.
• If you delete a rule with Protocol & Port specified as TCP: 3389, you will not be able to remotely connect to Windows servers using RDP.