Configure a security group
Overview
This topic describes how to configure a security group to control the inbound and outbound traffic of Elastic Compute Service (ECS) instances in the security group after an IPsec-VPN connection is created.
Procedure
- In the left-side navigation pane, choose VPN > IPsec Connections.
- On the IPsec Connections page, find the IPsec-VPN connection that you want to manage and click Configure routing security groups in the Operation column.
- In the Configure routing security groups dialog box, set the following parameters and click OK.
| Parameter | Description |
|---|---|
| Security Group | Select the security group to which you want to add the security group rule. |
| Rule direction | Select the direction to which the security group rule applies. · Outbound direction: controls data transfer from the ECS instances in the security group to the Internet or other ECS instances. · Inbound direction: controls data transfer from the Internet or other ECS instances to the ECS instances in the security group. |
| Authorization policy | Specify the action to perform on requests that match the rule. · Allow: accepts requests. · Deny: drops requests without returning a response. If two security group rules use the same settings except for the action, the Deny action prevails over the Allow action. |
| Protocol type | Select a protocol for the security group rule. |
| Port range | Enter a port range for the security group rule. Valid values: -1 and 1 to 65535. You cannot specify -1 on only one side of the range; use -1/-1 for all ports. Examples: 1/200 specifies ports 1 to 200. 80/80 specifies port 80. -1/-1 specifies all ports. |
| Priority | Set the priority of the rule. Valid values: 1 to 100. The default value is 1, which indicates the highest priority. |
| Authorization Type | Specify the type of addresses that the security group rule allows or denies. Only Address segment access is supported. |
| NIC Type | Specify the type of data transfer that the security group rule controls. · Internal: controls data transfer over the internal network. · External: controls data transfer over the Internet. |
| Authorization object | Specify the CIDR blocks that you want the security group rule to allow or deny. You can specify at most 10 CIDR blocks. |
| Automatic routing | Specify whether to automatically advertise routes. This feature is disabled by default. |
| Description | Enter a description for the security group rule. This parameter is optional. If you enter a description, it must be 2 to 256 characters in length and cannot start with http:// or https://. |
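As an added illustration (not part of this documentation or the console), the following Python model checks the parameter constraints from the table (port-range syntax, priority range, CIDR count) and evaluates a flow against a rule set. It assumes the matching rule with the highest priority (lowest number) wins, that Deny prevails over Allow on a tie, and that an unmatched flow is denied; the rule set and 192.168.10.0/24 peer network are constructed samples.

```python
import ipaddress
from dataclasses import dataclass

def parse_port_range(spec: str) -> tuple[int, int]:
    """'1/200' -> ports 1-200, '80/80' -> port 80, '-1/-1' -> all ports; -1 on one side only is invalid."""
    start, end = (int(p) for p in spec.split("/"))
    if -1 in (start, end):
        if (start, end) != (-1, -1):
            raise ValueError("-1 must be entered as -1/-1")
        return 1, 65535
    if not 1 <= start <= end <= 65535:
        raise ValueError(f"port range out of bounds: {spec}")
    return start, end

@dataclass(frozen=True)
class Rule:
    direction: str          # "inbound" or "outbound"
    action: str             # "allow" or "deny"
    protocol: str           # "tcp", "udp", "icmp" or "all" (hypothetical labels)
    port_range: str         # console form, e.g. "22/22"
    priority: int           # 1 (highest) to 100
    cidrs: tuple[str, ...]  # authorization objects, 1 to 10 CIDR blocks
    def __post_init__(self) -> None:
        if not 1 <= self.priority <= 100:
            raise ValueError("priority must be 1 to 100")
        if not 1 <= len(self.cidrs) <= 10:
            raise ValueError("specify 1 to 10 CIDR blocks")
        parse_port_range(self.port_range)  # reject a bad range when the rule is created
    def matches(self, direction: str, protocol: str, port: int, peer_ip: str) -> bool:
        lo, hi = parse_port_range(self.port_range)
        peer = ipaddress.ip_address(peer_ip)
        return (self.direction == direction and self.protocol in (protocol, "all")
                and lo <= port <= hi
                and any(peer in ipaddress.ip_network(c, strict=False) for c in self.cidrs))

def evaluate(rules, direction: str, protocol: str, port: int, peer_ip: str) -> str:
    """Return 'allow' or 'deny'. Assumed order: the matching rule with the highest priority
    (lowest number) wins; on a tie, deny prevails over allow; no match means deny."""
    hits = [r for r in rules if r.matches(direction, protocol, port, peer_ip)]
    if not hits:
        return "deny"
    best = min(r.priority for r in hits)
    return "deny" if any(r.action == "deny" and r.priority == best for r in hits) else "allow"

# Constructed sample rule set for an assumed VPN peer network 192.168.10.0/24.
VPN_RULES = (
    Rule("inbound", "allow", "tcp", "22/22", 1, ("192.168.10.0/24",)),
    Rule("inbound", "deny", "tcp", "22/22", 1, ("192.168.10.0/24",)),   # same settings: deny wins
    Rule("inbound", "allow", "tcp", "443/443", 1, ("192.168.10.0/24",)),
    Rule("inbound", "deny", "all", "-1/-1", 100, ("192.168.10.0/24",)),  # lowest-priority catch-all
)
```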