Introduction to Security Groups
Security Groups define which inbound traffic a VM can receive and which outbound traffic a VM can transmit.
To access the Networking - Security Groups view, click on the Security Groups option in the Networking sub-menu.
This view provides you with information about the security groups currently defined in your system.
For each Security Group the following information is provided:
Name - name of the security group.
Description - description of the security group (optional).
Owner - the project to which the security group belongs.
VM Count - the number of VMs attached to this security group.
Clicking on a specific security group displays widgets listing the security group's rules and the attached virtual machines.
Creating Security Groups
To create a security group:
Click Networking > Security Groups > Create. The Create Security Group dialog box is displayed.
Enter the following information:
Name - enter the name of the security group.
Description (optional) - enter a description of the security group.
Account - account associated with this security group.
Project (optional) - select a project that can subscribe to this security group.
Click the Add button to define rules for the security group.
Internet Protocol Version - select IPV4 or IPV6.
Direction - select EGRESS to define a rule for outbound traffic, or INGRESS to define a rule for inbound traffic.
Protocol - Specify the protocol of the traffic this rule will apply to, by selecting either ‘TCP’, ‘UDP’ or ‘ICMP’, or permit traffic from any protocol by selecting ‘Any’.
Start port and end port
If Protocol = ‘Any’, then leave blank.
If Protocol = ‘TCP’ or ‘UDP’, then enter the port range delimiting the traffic.
If Protocol = ‘ICMP’, then enter the ICMP Message Type in the first field and ICMP Code in the second field.
Remote - limit the traffic to or from a specific remote site by selecting either ‘Group’ or ‘Subnet’, or allow traffic to or from any remote site by selecting ‘Any’.
If you select Subnet:
If the direction is INGRESS, then specify a CIDR for allowed origin data.
If the direction is EGRESS, then specify a CIDR for allowed target data.
If Group/Subnet = ‘Any’, then the field is not displayed.
If Group/Subnet = ‘Group’, then select one of the security groups.
If Group/Subnet = ‘Subnet’, then enter the subnet in CIDR format (for example, 10.11.12.0/24).
Click OK to create the security group. The new security group appears in the Networking - Security Groups view.
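The field rules from the steps above, written as a checker you can run over rule definitions before entering them. This is an added example, not the product's code or API: the dictionary keys, the function name check_rule and the 1-65535 port bound are assumptions, and the final open-ingress check is an added hygiene check rather than something the dialog enforces.

```python
import ipaddress

def check_rule(rule):
    """Return a list of problems in one rule (dict keys are hypothetical)."""
    problems = []
    proto = rule.get("protocol", "Any")
    start, end = rule.get("start_port"), rule.get("end_port")
    if proto == "Any":
        if start is not None or end is not None:
            problems.append("ports must be blank when protocol is Any")
    elif proto in ("TCP", "UDP"):
        # Assumption: valid ports are 1-65535 and the range is ordered.
        if not (isinstance(start, int) and isinstance(end, int)
                and 1 <= start <= end <= 65535):
            problems.append("TCP/UDP needs 1 <= start port <= end port <= 65535")
    elif proto == "ICMP":
        # First field carries the ICMP type, second the ICMP code (one byte each).
        for name, value in (("type", start), ("code", end)):
            if not (isinstance(value, int) and 0 <= value <= 255):
                problems.append(f"ICMP {name} must be 0-255")
    else:
        problems.append(f"unknown protocol {proto!r}")

    remote = rule.get("remote", "Any")
    open_remote = remote == "Any"
    if remote == "Subnet":
        try:
            # strict=True rejects host bits, e.g. 10.11.12.5/24.
            net = ipaddress.ip_network(rule.get("cidr") or "", strict=True)
            if net.version != (4 if rule.get("ip_version") == "IPV4" else 6):
                problems.append("CIDR family does not match IP version")
            open_remote = net.prefixlen == 0
        except ValueError as exc:
            problems.append(f"bad CIDR: {exc}")
    elif remote == "Group":
        if not rule.get("group"):
            problems.append("remote Group needs a security group")
    elif remote != "Any":
        problems.append(f"unknown remote {remote!r}")

    # Added hygiene check, not a product rule: inbound from anywhere.
    if rule.get("direction") == "INGRESS" and open_remote:
        problems.append("INGRESS open to any source")
    return problems

# Constructed sample rules.
SSH_FROM_SUBNET = {"ip_version": "IPV4", "direction": "INGRESS", "protocol": "TCP",
                   "start_port": 22, "end_port": 22, "remote": "Subnet",
                   "cidr": "10.11.12.0/24"}
ALLOW_ALL_IN = {"ip_version": "IPV4", "direction": "INGRESS",
                "protocol": "Any", "remote": "Any"}
```

An empty list means the rule is consistent with the field rules; a /0 subnet on an INGRESS rule is reported the same way as Remote = ‘Any’.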