Managing Security Groups
You can modify security groups by adding and removing rules. Editing rules is not available. If you need to change the existing rule, remove it and recreate with the required parameters.
Prerequisites
You have a security group created, as described in Create a Security Groups.
Limitations
-
You can manage only IPv4 security group rules.
-
You cannot delete a security group if it is assigned to a virtual machine.
Edit a Security Groups
Add a Rule to a Security Group
-
On the "Security Groups" page, click the security group to add a rule to.
-
In the right pane of the group, click Add in the incoming section to write a rule for incoming rules to create a rule for incoming or outgoing traffic
Or click Add in the Outgoing section.
-
Specify the rule parameters:
-
Select a protocol from the list or enter a number from 0 to 255.
-
Enter a single port or a port range. Some protocols already have a predefined port range. For example, the port for SSH is 22.
-
Select a predefined subnet CIDR or an existing security group.
-
-
Click the check mark to save the changes.
As soon as the rule is created, it is applied to all of the virtual machines assigned to the security group.
Remove a Rule from Security Group
- On the Security groups page, click the required security group.
- On the group right pane, click the bin icon next to a rule you want to remove.
As soon as the rule is removed, this change is applied to all of the virtual machines assigned to the security group.
Changing Security Group Assignment
When you create a VM, you select security groups for the VM network interfaces. You can also change assigned security groups later.
Limitations
You cannot configure security groups if spoofing protection is disabled or IP address management is disabled for the selected network.
To view Virtual Machines assigned to a Security Group
- On the "Security Groups" page, click the required security group.
- On the group right pane, navigate to the Assigned VMs tab. All the assigned virtual machines will be shown along with their status.
You can click the VM name to go to the VM Overview pane and change the security group assignment for its network interfaces.
To assign a Security Group to a Virtual Machine
- On the "Virtual machines" page, click the required virtual machine.
- On the Overview tab, click the pencil icon in the Networks section.
- Click the ellipsis icon next to the network interface to assign a security group to, and then click Edit.
- In the Edit network interface window, go to the Security groups tab.
- Select one or more security groups from the list, and then click Save.
The rules from chosen security groups will be applied at runtime.
Delete a Security Group
- On the "Security Groups" page, click the required security group.
- Click "Delete" in the edit window for the group.