Security Group Policy Inbound Connection on Alibaba Cloud

  • Andrea1701, New Member, Nov 2017

    Security Group Policy Inbound Connection on Alibaba Cloud

    From my understanding, in order for ECS instances within the same VPC (intranet) to communicate with each other, we need to put them in the same security group. By default, the firewall policy for inbound is deny all and for outbound is allow all. Can someone verify this?
    My question is: if there is an incoming external connection that needs to communicate with one ECS only (let's say using port 443), do we need to create a new security group that is applicable to that particular ECS and create a firewall rule with a priority that is lower than the previous security group?
  • TimoHa, New Member, Nov 2017

    #2
    My question is: if there is an incoming external connection that needs to communicate with one ECS only (let's say using port 443), do we need to create a new security group that is applicable to that particular ECS and create a firewall rule with a priority that is lower than the previous security group?

    Answer: Consider the VPC as a virtual network for the IP range 192.168.0.0/16. Inside that VPC you can create multiple vSwitches (VLANs), for example: vSwitch-1 for subnet 192.168.1.0/24, vSwitch-2 for subnet 192.168.2.0/24, vSwitch-3 for subnet 192.168.3.0/24, and so on. All these subnets will be able to communicate with each other.
    Now about security groups: consider SGs as a firewall. If you want to allow certain traffic (let's say port 443), create a new SG with "allow port 443" and add the ECS to that SG; you can remove that ECS from the default SG.
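The following is an added example, not code from either poster, that models how the rules of an instance's security groups are pooled and evaluated for an inbound packet. It assumes the Alibaba Cloud semantics in simplified form: priority 1 is the highest and 100 the lowest, on a tie a drop rule beats an accept rule, a rule whose source is a security-group id matches any instance in that group (intranet authorization), and traffic matching no rule is denied inbound. The topology (sg-default, sg-web, the "web" and "db" instances and their addresses) is constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    priority: int   # 1 (highest) .. 100 (lowest), as in Alibaba Cloud SG rules
    policy: str     # "accept" or "drop"
    source: str     # a CIDR, or a security-group id for group-to-group access
    port_from: int
    port_to: int
    protocol: str = "tcp"   # "tcp", "udp" or "all"


# Constructed sample topology: both instances sit in the default group, and only
# the web server additionally joins a group that opens 443 to the Internet.
GROUPS = {
    "sg-default": [Rule(100, "accept", "sg-default", 1, 65535, "all")],
    "sg-web":     [Rule(1, "accept", "0.0.0.0/0", 443, 443)],
}
MEMBERSHIP = {"web": {"sg-default", "sg-web"}, "db": {"sg-default"}}
ADDRESSES = {"web": "192.168.1.10", "db": "192.168.2.20"}


def _matches(rule, src_instance, src_ip, port, proto):
    """True if the rule covers this protocol, port and source."""
    if rule.protocol not in ("all", proto):
        return False
    if not rule.port_from <= port <= rule.port_to:
        return False
    if rule.source.startswith("sg-"):
        # Intranet authorization: source must be an instance in that group.
        return src_instance is not None and rule.source in MEMBERSHIP[src_instance]
    return ip_address(src_ip) in ip_network(rule.source)


def inbound_allowed(dst_instance, src_ip, port, proto="tcp"):
    """Evaluate an inbound packet against every group the instance belongs to."""
    src_instance = next((n for n, a in ADDRESSES.items() if a == src_ip), None)
    candidates = [r for g in MEMBERSHIP[dst_instance] for r in GROUPS[g]
                  if _matches(r, src_instance, src_ip, port, proto)]
    if not candidates:
        return False   # default inbound policy: deny all
    # Best (lowest-numbered) priority wins; on a tie, drop beats accept.
    best = min(candidates, key=lambda r: (r.priority, r.policy != "drop"))
    return best.policy == "accept"
```

Running the checks shows that the Internet reaches the web instance on 443 only, while both instances still talk to each other over the default group.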
