Creating a security group for traffic to and from external networks

In this security group, you will find the rules allowing traffic from external networks to SMC, and from protected networks to external networks.
To enable access to SMC, the following inbound traffic is allowed:

  • SSH: access to the SMC server in console mode,
  • HTTPS: access to the SMC server web administration interface,
  • TCP/1754: default port through which SNS firewalls connect.

Creating the security group

In the Network/Security menu in the 3DS Outscale Cockpit console:

  1. Select Security groups.
  2. Click on Create.
  3. Give the security group a name.
  4. Add a description.
  5. Select the VPC created earlier.
  6. Click on Create.

Creating the security rules corresponding to traffic allowed with external networks

  1. Select the security group created earlier.
    The list of rules attached to the security group appears in the lower section of the configuration screen.
  2. In the list of rules, click on Create rule.
  3. Select Inbound mode.
  4. Select SSH as the protocol.
  5. Click on All IPs.
  6. Click on the "+" symbol.
  7. Repeat steps 3 to 6 with HTTPS as the protocol.
  8. Repeat steps 3 to 6 with the values Inbound, Custom, TCP, 1754 and All IPs.
  9. Confirm the rules by clicking on Create.

A rule allowing outbound traffic is created automatically.
Do not delete this rule: among other things, it allows the outbound traffic needed to retrieve security updates for instances deployed in the VPC.

The list of rules describing traffic allowed for the security group will therefore look like this:
[Figure: Rules describing traffic allowed for the security group]
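
The following check is an added example, not part of the original procedure or of Stormshield's or Outscale's tooling. It compares a security group's rules against the three inbound rules created above and confirms that the automatically created outbound rule is still present. The field names (`InboundRules`, `OutboundRules`, `IpProtocol`, `FromPortRange`, `ToPortRange`, `IpRanges`) are modeled on the Outscale API's security group objects and are an assumption here; the group names and sample data are constructed.

```python
# Inbound rules created by the procedure above, keyed by (protocol, port).
EXPECTED_INBOUND = {("tcp", 22): "SSH", ("tcp", 443): "HTTPS",
                    ("tcp", 1754): "SNS firewalls"}
ALL_IPS = "0.0.0.0/0"

def audit_group(group):
    """Return a sorted list of findings for one security group dict."""
    findings, seen = [], set()
    for rule in group.get("InboundRules", []):
        proto = rule.get("IpProtocol")
        lo, hi = rule.get("FromPortRange"), rule.get("ToPortRange")
        if lo == hi and (proto, lo) in EXPECTED_INBOUND:
            seen.add((proto, lo))
        else:
            # Anything outside the three documented rules is reported as drift.
            findings.append(f"unexpected inbound rule {proto}/{lo}-{hi} "
                            f"from {rule.get('IpRanges', [])}")
    for (proto, port), label in EXPECTED_INBOUND.items():
        if (proto, port) not in seen:
            findings.append(f"missing inbound rule {proto}/{port} ({label})")
    # The automatically created outbound rule must not have been deleted.
    # Assumption: it appears as protocol "-1" (all) towards 0.0.0.0/0.
    if not any(r.get("IpProtocol") == "-1" and ALL_IPS in r.get("IpRanges", [])
               for r in group.get("OutboundRules", [])):
        findings.append("missing outbound allow-all rule")
    return sorted(findings)

def audit_all(doc):
    """Map each group name to its findings (empty list means compliant)."""
    return {g["SecurityGroupName"]: audit_group(g) for g in doc["SecurityGroups"]}

def _rule(proto, lo, hi):
    """Build a constructed sample rule open to all IPs."""
    return {"IpProtocol": proto, "FromPortRange": lo, "ToPortRange": hi,
            "IpRanges": [ALL_IPS]}

# Constructed sample data (hypothetical names, not real API output).
SAMPLE = {"SecurityGroups": [
    {"SecurityGroupName": "smc-external",
     "InboundRules": [_rule("tcp", 22, 22), _rule("tcp", 443, 443),
                      _rule("tcp", 1754, 1754)],
     "OutboundRules": [{"IpProtocol": "-1", "IpRanges": [ALL_IPS]}]},
    {"SecurityGroupName": "smc-external-drifted",
     "InboundRules": [_rule("tcp", 22, 22), _rule("tcp", 443, 443),
                      _rule("tcp", 8000, 9000)],
     "OutboundRules": []},
]}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE).items():
        print(name, "OK" if not findings else findings)
```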