Security Groups

On this page the end user can manage security groups and security rules to control network traffic. By default, all network traffic is blocked; you define security groups and rules to allow specific network traffic.

When you access this page, a list of existing security groups is displayed in card or table format:

../_images/list.png

Details

Clicking on a security group takes you to the security group details page:

../_images/details.png

Here you can see the details of a security group and all the rules belonging to that group.

Add a new group

To add a new security group, click the add button at the bottom right of the page:

../_images/add-new.png

After you click the add button, the create security group dialog is displayed:

../_images/create.png

To create the security group, select the OpenStack region, fill in the group name and description, and click Create.

Edit a group

To edit an existing group, click the edit button on the groups list or on the group details page. When you click the edit button, the edit group dialog is displayed:

../_images/edit.png

In this dialog you can change the group name or description.

Delete a security group

To delete an existing group, click the delete button on the groups list or on the group details page. When you click the delete button, a confirmation dialog is displayed:

../_images/delete.png

Clicking Delete security group will delete the group.

Creating security rules

To allow network traffic, you need to add security rules. To add a new security rule, click the Add rule button on the security group list or details page. A dialog appears that allows you to create a new security rule:

../_images/add-rule-DNS.png

The following fields are available for a rule:

  • Rule - the type of rule

  • Direction - the direction of network traffic for the rule, either Ingress or Egress

  • Remote - select either a CIDR or another security group

  • CIDR - the CIDR to apply the rule to

  • Remote security group - the remote security group to apply the rule to

  • Ether type - the Ethernet protocol, either IPv4 or IPv6

For specific kinds of rules, more fields are available.

The custom ICMP rule create dialog looks like this:

../_images/add-rule-custom-ICMP.png

and has the following extra fields:

  • ICMP Type - type of ICMP packet

  • ICMP Code - the ICMP error codes

The custom TCP rule create dialog looks like this:

../_images/add-rule-custom-TCP.png

and has the following extra fields:

  • Port - the TCP port to apply this rule to

  • All ports - checkbox allowing you to apply this rule to all TCP ports

The create dialog for a custom rule using another protocol looks like this:

../_images/add-rule-other-protocol.png

and has the following extra fields:

  • Protocol - the protocol code

  • Port - the port to apply this rule to

  • All ports - checkbox allowing you to apply this rule to all ports
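Because traffic is blocked by default, every rule is an allow rule, so it is worth checking how wide each one is before saving it. The following Python sketch is an added example, not part of the product or its API: the `Rule` class, the `audit` function and the `ADMIN_PORTS` list are hypothetical names that mirror the dialog fields above, and the sample rules are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed for illustration: services that should rarely face every address.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

@dataclass
class Rule:
    """Hypothetical record mirroring the rule dialog fields."""
    direction: str                      # "ingress" or "egress"
    ether_type: str                     # "IPv4" or "IPv6"
    protocol: Optional[str] = None      # e.g. "tcp", "icmp"; None = any protocol
    port: Optional[int] = None          # single port, ignored when all_ports is set
    all_ports: bool = False             # the "All ports" checkbox
    cidr: Optional[str] = None          # set when Remote is a CIDR
    remote_group: Optional[str] = None  # set when Remote is a security group

def audit(rule: Rule) -> List[str]:
    """Return findings for one allow rule; an empty list means nothing flagged."""
    if (rule.cidr is None) == (rule.remote_group is None):
        return ["remote must be exactly one of CIDR or security group"]
    if rule.cidr is None:
        return []  # remote is a group: only members of that group are matched
    try:
        net = ipaddress.ip_network(rule.cidr, strict=False)
    except ValueError:
        return [f"invalid CIDR {rule.cidr!r}"]
    findings = []
    if f"IPv{net.version}" != rule.ether_type:
        findings.append(f"ether type {rule.ether_type} does not match IPv{net.version} CIDR")
    if rule.direction == "ingress" and net.prefixlen == 0:
        if rule.all_ports or rule.protocol is None:
            findings.append("ingress allowed from any address on all ports")
        elif rule.protocol == "tcp" and rule.port in ADMIN_PORTS:
            findings.append(f"{ADMIN_PORTS[rule.port]} (tcp/{rule.port}) reachable from any address")
    return findings

# Constructed sample rules.
SAMPLES = [
    Rule("ingress", "IPv4", "tcp", port=22, cidr="0.0.0.0/0"),
    Rule("ingress", "IPv4", "tcp", all_ports=True, cidr="0.0.0.0/0"),
    Rule("ingress", "IPv4", "tcp", port=443, cidr="2001:db8::/32"),
    Rule("ingress", "IPv4", "tcp", port=22, cidr="203.0.113.0/24"),
    Rule("ingress", "IPv4", "tcp", port=5432, remote_group="web"),
]

if __name__ == "__main__":
    for r in SAMPLES:
        print(r.cidr or r.remote_group, audit(r))
```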

Deleting security rules

Security rules can be deleted on the security group details page.