Help Center/ Workspace/ FAQs/ FAQs for Administrators/ How Do I Configure Security Group Rules When Using a Custom Security Group?
Updated on 2024-06-13 GMT+08:00

How Do I Configure Security Group Rules When Using a Custom Security Group?

Scenario

When changing a desktop security group, check whether the security group in use has allowed the inbound and outbound rules required for desktop access. If not, desktop access will be affected.

Procedure

AD connected

  • At least the IP addresses whose destination addresses are AD/DNS and ports of AD/DNS must be allowed in the outbound rules of the security group. Check details about the port list in Configuring Network Connection Between Workspace and Windows AD.
  • If Workspace needs to access other service systems, configure security group rules as needed.

Direct Connect access

  1. Log in to the Workspace console.

    In the navigation pane, choose Desktops > Desktops.

    The Desktops page is displayed.

  2. Configure the desktop network.

    • To check the security group configuration of a single desktop, perform 3 and 6 to 11.
    • To batch check the security group configuration of desktops, perform 4 to 11.

  3. Locate the row that contains the desktop whose security group is to be changed and choose More > Network Settings > Desktop Network Settings in the Operation column.
  4. Batch select multiple desktops whose security groups are to be changed and choose More > Desktop Network Settings in the upper left corner. The Desktop Network Settings page is displayed.
  5. Select Use the new security group for Security Group.
  6. Click View existing security groups. The Security Groups page of Network Console is displayed.
  7. Click Manage Rules in the Operation column of the desired security group.
  8. Check whether the ports listed in Table 1 exist under the Inbound Rules tab.

    Table 1 Ports

    Port

    Protocol

    Description

    28511–28512

    TCP

    Desktops are accessed through the gateway.

    28511–28512

    UDP

    Desktops are accessed through the gateway.

    • If yes, the security group has allowed the inbound rules required for desktop access. You do not need to add the rules again.
    • If no, perform 9 to 11.

  1. Under the Inbound Rules tab of the security group, click Add Rule. The Add Inbound Rule window is displayed.
  2. Click to add a rule.

    Figure 1 Adding an inbound rule

  3. Click OK.