
Security Group Policy Inbound Connection on Alibaba Cloud

P: 34
From my understanding, in order for ECS within the same VPC (intranet) to communicate with each other, we need to put them in the same security group. By default, the firewall policy for inbound is deny all and outbound is allow all. Can someone verify this?
My question is: if there is an incoming external connection to communicate with one ECS only (let's say using port 443), do we need to create a new security group that is applicable to that particular ECS and create a firewall rule with a priority that is lower than the previous security group?
May 23 '18 #1
1 Reply


P: 22
My question is: if there is an incoming external connection to communicate with one ECS only (let's say using port 443), do we need to create a new security group that is applicable to that particular ECS and create a firewall rule with a priority that is lower than the previous security group?

Answer: Consider a VPC as a virtual network for the IP range 192.168.0.0/16. Inside that VPC you can create multiple vSwitches (VLANs). For example: vSwitch-1 for subnet 192.168.1.0/24, vSwitch-2 for subnet 192.168.2.0/24, and vSwitch-3 for subnet 192.168.3.0/24, and so on. All these subnets will be able to communicate with each other.
Now about security groups: Consider SGs as a firewall. If you want to allow certain traffic (let's say port 443), create a new SG with allow port 443, and add the ECS to that SG; you can remove that ECS from the default SG.
May 24 '18 #2
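
The following is an added example, not part of either post: a small offline model of how inbound rules from several security groups combine for one ECS, showing where priority matters for the port 443 case discussed above. It assumes Alibaba Cloud's documented behaviour (priority 1-100 with the lower number evaluated first, drop winning a tie, rules of all the instance's groups merged, inbound denied when nothing matches); the names `Rule`, `inbound_decision`, `default_sg`, `web_sg` and all addresses are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    policy: str        # "accept" or "drop"
    port_range: str    # "start/end", e.g. "443/443"
    source_cidr: str   # who may connect
    priority: int = 1  # assumption: 1-100, lower number is evaluated first


def matches(rule, src_ip, port):
    """True when the source address and destination port fall inside the rule."""
    lo, hi = (int(p) for p in rule.port_range.split("/"))
    return lo <= port <= hi and ip_address(src_ip) in ip_network(rule.source_cidr)


def inbound_decision(groups, src_ip, port):
    """Merge the inbound rules of every group the instance belongs to."""
    rules = [r for group in groups for r in group]
    # Assumption: lower priority number first; on equal priority, drop beats accept.
    rules.sort(key=lambda r: (r.priority, r.policy != "drop"))
    for rule in rules:
        if matches(rule, src_ip, port):
            return rule.policy
    return "drop"  # nothing matched: inbound default is deny all


# Constructed sample groups: SSH only from inside the VPC, HTTPS from anywhere.
default_sg = [Rule("accept", "22/22", "192.168.0.0/16")]
web_sg = [Rule("accept", "443/443", "0.0.0.0/0")]
# Constructed block rule with the same priority as the HTTPS accept rule.
block_sg = [Rule("drop", "443/443", "203.0.113.0/24")]

if __name__ == "__main__":
    client = "203.0.113.10"  # constructed external client (documentation range)
    print("web ECS, 443:", inbound_decision([default_sg, web_sg], client, 443))
    print("other ECS, 443:", inbound_decision([default_sg], client, 443))
    print("web ECS, 22:", inbound_decision([default_sg, web_sg], client, 22))
    print("tie with drop:", inbound_decision([web_sg, block_sg], client, 443))
```

Under these assumptions the accept rule in the new group needs no special priority unless a drop rule in another group of the same ECS overlaps it.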
