Help Center/ Host Security Service/ User Guide/ Container Protection/ Container Firewalls/ Configuring a Network Defense Policy (for a Cluster Using the VPC Tunnel Network Model)
Updated on 2024-11-15 GMT+08:00
View PDF
Share

Configuring a Network Defense Policy (for a Cluster Using the VPC Tunnel Network Model)

For clusters using the VPC network model, you can configure network defense policies to limit the traffic that accesses the servers where containers are deployed. If no security group rules are configured, all incoming and outgoing traffic of the servers is allowed by default.

This section describes how to configure a network defense policy for a cluster using the VPC network model.

Creating a Network Defense Policy

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > HSS.
  1. In the navigation pane on the left, choose Container Firewalls.
  2. (Optional) If you have enabled the enterprise project, select the enterprise project where the target server resides from the drop-down list.
  3. Click Synchronize above the cluster list to synchronize the policies created on clusters.

    The synchronization takes about 1 to 2 minutes. Wait for a while and click in the upper right corner of the list to refresh and view the latest data.

  1. Click Manage Policy in the Operation column of a cluster using the VPC network model.
  2. In the Operation column of a node, click Configure Policy.
  3. In the displayed dialog box, click OK to go to the cloud server console.
  4. Click the Security Groups tab and view security group rules.
  5. Click Manage Rule. The security group page is displayed.
  6. Configure inbound and outbound rules.

    For details, see Adding a Security Group Rule.

Related Operations

Modifying or deleting a network defense policy

  1. Go to the HSS console.
  2. In the navigation pane on the left, choose Container Firewalls.
  3. (Optional) If you have enabled the enterprise project, select the enterprise project where the target server resides from the drop-down list.
  4. Click Manage Policy in the Operation column of a cluster using the VPC network model.
  5. Click Synchronize above the node list to synchronize node information.

    The synchronization takes about 1 to 2 minutes. Wait for a while and click in the upper right corner of the list to refresh and view the latest data.

  6. In the Operation column of a node, click Configure Policy.
  7. In the displayed dialog box, click OK to go to the cloud server console.
  8. Click the Security Groups tab and view security group rules.
  9. Click Manage Rule. The security group page is displayed.
  10. Click a rule tab and manage rules as needed.

    • Modifying a rule

      In the Operation column of a rule, click Modify. Modify the rule and click OK.

    • Deleting a rule

      In the Operation column of a rule, click Delete. In the confirmation dialog box, click OK.

Parent Topic: Container Firewalls